Created
August 4, 2021 06:13
-
-
Save ankitdevnalkar/c7df2a438c4870532ad31fc1241f320e to your computer and use it in GitHub Desktop.
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "cloud-audit-aws-2021.07" : { | |
| "mappings" : { | |
| "_meta" : { | |
| "beat" : "filebeat", | |
| "version" : "7.9.1" | |
| }, | |
| "dynamic_templates" : [ | |
| { | |
| "labels" : { | |
| "path_match" : "labels.*", | |
| "match_mapping_type" : "string", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "container.labels" : { | |
| "path_match" : "container.labels.*", | |
| "match_mapping_type" : "string", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "dns.answers" : { | |
| "path_match" : "dns.answers.*", | |
| "match_mapping_type" : "string", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "log.syslog" : { | |
| "path_match" : "log.syslog.*", | |
| "match_mapping_type" : "string", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "network.inner" : { | |
| "path_match" : "network.inner.*", | |
| "match_mapping_type" : "string", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "observer.egress" : { | |
| "path_match" : "observer.egress.*", | |
| "match_mapping_type" : "string", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "observer.ingress" : { | |
| "path_match" : "observer.ingress.*", | |
| "match_mapping_type" : "string", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "fields" : { | |
| "path_match" : "fields.*", | |
| "match_mapping_type" : "string", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "docker.container.labels" : { | |
| "path_match" : "docker.container.labels.*", | |
| "match_mapping_type" : "string", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "kubernetes.labels.*" : { | |
| "path_match" : "kubernetes.labels.*", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "kubernetes.annotations.*" : { | |
| "path_match" : "kubernetes.annotations.*", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "docker.attrs" : { | |
| "path_match" : "docker.attrs.*", | |
| "match_mapping_type" : "string", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "azure.activitylogs.identity.claims.*" : { | |
| "path_match" : "azure.activitylogs.identity.claims.*", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "kibana.log.meta" : { | |
| "path_match" : "kibana.log.meta.*", | |
| "match_mapping_type" : "string", | |
| "mapping" : { | |
| "type" : "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "strings_as_keyword" : { | |
| "match_mapping_type" : "string", | |
| "mapping" : { | |
| "ignore_above" : 1024, | |
| "type" : "keyword" | |
| } | |
| } | |
| } | |
| ], | |
| "date_detection" : false, | |
| "properties" : { | |
| "@timestamp" : { | |
| "type" : "date" | |
| }, | |
| "@version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Priority" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Signal" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "activemq" : { | |
| "properties" : { | |
| "audit" : { | |
| "type" : "object" | |
| }, | |
| "caller" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log" : { | |
| "properties" : { | |
| "stack_trace" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "thread" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "addendum" : { | |
| "properties" : { | |
| "reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "additionalEventData" : { | |
| "properties" : { | |
| "AuthenticationMethod" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "CipherSuite" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "LoginTo" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "MFAUsed" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "MobileVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Note" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SamlProviderArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SignatureVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bytesTransferredIn" : { | |
| "type" : "long" | |
| }, | |
| "bytesTransferredOut" : { | |
| "type" : "long" | |
| }, | |
| "grantId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "x-amz-id-2" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "agent" : { | |
| "properties" : { | |
| "ephemeral_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hostname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "apache" : { | |
| "properties" : { | |
| "access" : { | |
| "properties" : { | |
| "ssl" : { | |
| "properties" : { | |
| "cipher" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "error" : { | |
| "properties" : { | |
| "module" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "apache2" : { | |
| "properties" : { | |
| "access" : { | |
| "properties" : { | |
| "geoip" : { | |
| "type" : "object" | |
| }, | |
| "user_agent" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "error" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "apiVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "as" : { | |
| "properties" : { | |
| "number" : { | |
| "type" : "long" | |
| }, | |
| "organization" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "auditd" : { | |
| "properties" : { | |
| "log" : { | |
| "properties" : { | |
| "a0" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "addr" : { | |
| "type" : "ip" | |
| }, | |
| "geoip" : { | |
| "type" : "object" | |
| }, | |
| "item" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "items" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "laddr" : { | |
| "type" : "ip" | |
| }, | |
| "lport" : { | |
| "type" : "long" | |
| }, | |
| "new_auid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "new_ses" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "old_auid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "old_ses" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rport" : { | |
| "type" : "long" | |
| }, | |
| "sequence" : { | |
| "type" : "long" | |
| }, | |
| "tty" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "aws" : { | |
| "properties" : { | |
| "cloudtrail" : { | |
| "properties" : { | |
| "additional_eventdata" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "api_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "console_login" : { | |
| "properties" : { | |
| "additional_eventdata" : { | |
| "properties" : { | |
| "login_to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mfa_used" : { | |
| "type" : "boolean" | |
| }, | |
| "mobile_version" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "error_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "error_message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "flattened" : { | |
| "properties" : { | |
| "additional_eventdata" : { | |
| "type" : "flattened" | |
| }, | |
| "request_parameters" : { | |
| "type" : "flattened" | |
| }, | |
| "response_elements" : { | |
| "type" : "flattened" | |
| }, | |
| "service_event_details" : { | |
| "type" : "flattened" | |
| } | |
| } | |
| }, | |
| "management_event" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "read_only" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "recipient_account_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "request_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "request_parameters" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "resources" : { | |
| "properties" : { | |
| "account_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "response_elements" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "service_event_details" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "shared_event_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_identity" : { | |
| "properties" : { | |
| "access_key_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "invoked_by" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "session_context" : { | |
| "properties" : { | |
| "creation_date" : { | |
| "type" : "date" | |
| }, | |
| "mfa_authenticated" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "session_issuer" : { | |
| "properties" : { | |
| "account_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "principal_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vpc_endpoint_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "cloudwatch" : { | |
| "properties" : { | |
| "message" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "ec2" : { | |
| "properties" : { | |
| "ip_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "elb" : { | |
| "properties" : { | |
| "action_executed" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "backend" : { | |
| "properties" : { | |
| "http" : { | |
| "properties" : { | |
| "response" : { | |
| "properties" : { | |
| "status_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ip" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "port" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "backend_processing_time" : { | |
| "properties" : { | |
| "sec" : { | |
| "type" : "float" | |
| } | |
| } | |
| }, | |
| "chosen_cert" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serial" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "connection_time" : { | |
| "properties" : { | |
| "ms" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "error" : { | |
| "properties" : { | |
| "reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "incoming_tls_alert" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "listener" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "matched_rule_priority" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "redirect_url" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "request_processing_time" : { | |
| "properties" : { | |
| "sec" : { | |
| "type" : "float" | |
| } | |
| } | |
| }, | |
| "response_processing_time" : { | |
| "properties" : { | |
| "sec" : { | |
| "type" : "float" | |
| } | |
| } | |
| }, | |
| "ssl_cipher" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ssl_protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "target_group" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tls_handshake_time" : { | |
| "properties" : { | |
| "ms" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tls_named_group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trace_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "s3" : { | |
| "properties" : { | |
| "bucket" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "object" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "s3access" : { | |
| "properties" : { | |
| "authentication_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bucket" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bucket_owner" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bytes_sent" : { | |
| "type" : "long" | |
| }, | |
| "cipher_suite" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "error_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "host_header" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "host_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "http_status" : { | |
| "type" : "long" | |
| }, | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "object_size" : { | |
| "type" : "long" | |
| }, | |
| "operation" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "referrer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "remote_ip" : { | |
| "type" : "ip" | |
| }, | |
| "request_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "request_uri" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requester" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "signature_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tls_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "total_time" : { | |
| "type" : "long" | |
| }, | |
| "turn_around_time" : { | |
| "type" : "long" | |
| }, | |
| "user_agent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vpcflow" : { | |
| "properties" : { | |
| "account_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instance_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "interface_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pkt_dstaddr" : { | |
| "type" : "ip" | |
| }, | |
| "pkt_srcaddr" : { | |
| "type" : "ip" | |
| }, | |
| "subnet_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tcp_flags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpc_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "awsRegion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "awscloudwatch" : { | |
| "properties" : { | |
| "ingestion_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_stream" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "azure" : { | |
| "properties" : { | |
| "activitylogs" : { | |
| "properties" : { | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "identity" : { | |
| "properties" : { | |
| "authorization" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "evidence" : { | |
| "properties" : { | |
| "principal_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "principal_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "role" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "role_assignment_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "role_assignment_scope" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "role_definition_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "scope" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "claims" : { | |
| "properties" : { | |
| "*" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "claims_initiated_by_user" : { | |
| "properties" : { | |
| "fullname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "givenname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "schema" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "surname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "operation_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "properties" : { | |
| "properties" : { | |
| "service_request_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "result_signature" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "result_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "auditlogs" : { | |
| "properties" : { | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "identity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operation_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operation_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "properties" : { | |
| "properties" : { | |
| "activity_datetime" : { | |
| "type" : "date" | |
| }, | |
| "activity_display_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "correlation_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "initiated_by" : { | |
| "properties" : { | |
| "app" : { | |
| "properties" : { | |
| "appId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "displayName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "servicePrincipalId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "servicePrincipalName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "user" : { | |
| "properties" : { | |
| "displayName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userPrincipalName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "logged_by_service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operation_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "result" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "result_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "target_resources" : { | |
| "properties" : { | |
| "*" : { | |
| "properties" : { | |
| "display_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ip_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "modified_properties" : { | |
| "properties" : { | |
| "*" : { | |
| "properties" : { | |
| "display_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "new_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "old_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_principal_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "result_signature" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tenant_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "consumer_group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "correlation_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "enqueued_time" : { | |
| "type" : "date" | |
| }, | |
| "eventhub" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "offset" : { | |
| "type" : "long" | |
| }, | |
| "partition_id" : { | |
| "type" : "long" | |
| }, | |
| "resource" : { | |
| "properties" : { | |
| "authorization_rule" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "namespace" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "provider" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "sequence_number" : { | |
| "type" : "long" | |
| }, | |
| "signinlogs" : { | |
| "properties" : { | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "identity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operation_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operation_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "properties" : { | |
| "properties" : { | |
| "app_display_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client_app_used" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "conditional_access_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "correlation_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "created_at" : { | |
| "type" : "date" | |
| }, | |
| "device_detail" : { | |
| "properties" : { | |
| "browser" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "device_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "display_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operating_system" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trust_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ip_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "is_interactive" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "original_request_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "processing_time_ms" : { | |
| "type" : "float" | |
| }, | |
| "resource_display_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "risk_detail" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "risk_level_aggregated" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "risk_level_during_signin" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "risk_state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "service_principal_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "properties" : { | |
| "error_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "token_issuer_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "token_issuer_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_display_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_principal_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "result_description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "result_signature" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "result_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tenant_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "subscription_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tenant_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "bucket_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cef" : { | |
| "properties" : { | |
| "device" : { | |
| "properties" : { | |
| "event_class_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "product" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vendor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "extensions" : { | |
| "properties" : { | |
| "Reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agentAddress" : { | |
| "type" : "ip" | |
| }, | |
| "agentDnsDomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agentHostName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agentId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agentMacAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agentNtDomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agentReceiptTime" : { | |
| "type" : "date" | |
| }, | |
| "agentTimeZone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agentTranslatedAddress" : { | |
| "type" : "ip" | |
| }, | |
| "agentTranslatedZoneExternalID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agentTranslatedZoneURI" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agentType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agentVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agentZoneExternalID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agentZoneURI" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "applicationProtocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "baseEventCount" : { | |
| "type" : "long" | |
| }, | |
| "bytesIn" : { | |
| "type" : "long" | |
| }, | |
| "bytesOut" : { | |
| "type" : "long" | |
| }, | |
| "categoryBehavior" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "categoryDeviceGroup" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "categoryDeviceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "categoryObject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "categoryOutcome" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "categorySignificance" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "categoryTechnique" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cp_app_risk" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cp_severity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "customerExternalID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "customerURI" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationAddress" : { | |
| "type" : "ip" | |
| }, | |
| "destinationDnsDomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationGeoLatitude" : { | |
| "type" : "double" | |
| }, | |
| "destinationGeoLongitude" : { | |
| "type" : "double" | |
| }, | |
| "destinationHostName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationMacAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationNtDomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationPort" : { | |
| "type" : "long" | |
| }, | |
| "destinationProcessId" : { | |
| "type" : "long" | |
| }, | |
| "destinationProcessName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationServiceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationTranslatedAddress" : { | |
| "type" : "ip" | |
| }, | |
| "destinationTranslatedPort" : { | |
| "type" : "long" | |
| }, | |
| "destinationTranslatedZoneExternalID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationTranslatedZoneURI" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationUserId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationUserName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationUserPrivileges" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationZoneExternalID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationZoneURI" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceAction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceAddress" : { | |
| "type" : "ip" | |
| }, | |
| "deviceCustomDate1" : { | |
| "type" : "date" | |
| }, | |
| "deviceCustomDate1Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomDate2" : { | |
| "type" : "date" | |
| }, | |
| "deviceCustomDate2Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomFloatingPoint1" : { | |
| "type" : "double" | |
| }, | |
| "deviceCustomFloatingPoint1Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomFloatingPoint2" : { | |
| "type" : "double" | |
| }, | |
| "deviceCustomFloatingPoint2Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomFloatingPoint3" : { | |
| "type" : "double" | |
| }, | |
| "deviceCustomFloatingPoint3Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomFloatingPoint4" : { | |
| "type" : "double" | |
| }, | |
| "deviceCustomFloatingPoint4Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomIPv6Address1" : { | |
| "type" : "ip" | |
| }, | |
| "deviceCustomIPv6Address1Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomIPv6Address2" : { | |
| "type" : "ip" | |
| }, | |
| "deviceCustomIPv6Address2Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomIPv6Address3" : { | |
| "type" : "ip" | |
| }, | |
| "deviceCustomIPv6Address3Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomIPv6Address4" : { | |
| "type" : "ip" | |
| }, | |
| "deviceCustomIPv6Address4Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomNumber1" : { | |
| "type" : "long" | |
| }, | |
| "deviceCustomNumber1Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomNumber2" : { | |
| "type" : "long" | |
| }, | |
| "deviceCustomNumber2Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomNumber3" : { | |
| "type" : "long" | |
| }, | |
| "deviceCustomNumber3Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomString1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomString1Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomString2" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomString2Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomString3" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomString3Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomString4" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomString4Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomString5" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomString5Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomString6" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceCustomString6Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceDirection" : { | |
| "type" : "long" | |
| }, | |
| "deviceDnsDomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceEventCategory" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceExternalId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceFacility" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceFlexNumber1" : { | |
| "type" : "long" | |
| }, | |
| "deviceFlexNumber1Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceFlexNumber2" : { | |
| "type" : "long" | |
| }, | |
| "deviceFlexNumber2Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceHostName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceInboundInterface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceMacAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceNtDomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceOutboundInterface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "devicePayloadId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceProcessId" : { | |
| "type" : "long" | |
| }, | |
| "deviceProcessName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceReceiptTime" : { | |
| "type" : "date" | |
| }, | |
| "deviceTimeZone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceTranslatedAddress" : { | |
| "type" : "ip" | |
| }, | |
| "deviceTranslatedZoneExternalID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceTranslatedZoneURI" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceZoneExternalID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceZoneURI" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "endTime" : { | |
| "type" : "date" | |
| }, | |
| "eventId" : { | |
| "type" : "long" | |
| }, | |
| "eventOutcome" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "externalId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fileCreateTime" : { | |
| "type" : "date" | |
| }, | |
| "fileHash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fileId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fileModificationTime" : { | |
| "type" : "date" | |
| }, | |
| "filePath" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filePermission" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fileSize" : { | |
| "type" : "long" | |
| }, | |
| "fileType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filename" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "flexDate1" : { | |
| "type" : "date" | |
| }, | |
| "flexDate1Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "flexString1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "flexString1Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "flexString2" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "flexString2Label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ifname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "inzone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "layer_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "layer_uuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "logid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "loguid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "managerReceiptTime" : { | |
| "type" : "date" | |
| }, | |
| "match_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat_addtnl_rulenum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat_rulenum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "oldFileCreateTime" : { | |
| "type" : "date" | |
| }, | |
| "oldFileHash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "oldFileId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "oldFileModificationTime" : { | |
| "type" : "date" | |
| }, | |
| "oldFileName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "oldFilePath" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "oldFilePermission" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "oldFileSize" : { | |
| "type" : "long" | |
| }, | |
| "oldFileType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "origin" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "originsicname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "outzone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parent_rule" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "product" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rawEvent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requestClientApplication" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requestContext" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requestCookies" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requestMethod" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requestUrl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rule_action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rule_uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sequencenum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "service_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceAddress" : { | |
| "type" : "ip" | |
| }, | |
| "sourceDnsDomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceGeoLatitude" : { | |
| "type" : "double" | |
| }, | |
| "sourceGeoLongitude" : { | |
| "type" : "double" | |
| }, | |
| "sourceHostName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceMacAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceNtDomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourcePort" : { | |
| "type" : "long" | |
| }, | |
| "sourceProcessId" : { | |
| "type" : "long" | |
| }, | |
| "sourceProcessName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceServiceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceTranslatedAddress" : { | |
| "type" : "ip" | |
| }, | |
| "sourceTranslatedPort" : { | |
| "type" : "long" | |
| }, | |
| "sourceTranslatedZoneExternalID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceTranslatedZoneURI" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceUserId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceUserName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceUserPrivileges" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceZoneExternalID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceZoneURI" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "startTime" : { | |
| "type" : "date" | |
| }, | |
| "transportProtocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "long" | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "severity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "checkpoint" : { | |
| "properties" : { | |
| "action_reason" : { | |
| "type" : "long" | |
| }, | |
| "additional_info" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "additional_ip" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "additional_rdata" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "alert" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "allocated_ports" : { | |
| "type" : "long" | |
| }, | |
| "analyzed_on" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "answer_rdata" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "anti_virus_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_id" : { | |
| "type" : "long" | |
| }, | |
| "app_package" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_properties" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_repackaged" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_risk" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_severity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_sid_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_sig_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "appi_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "arrival_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "attachments_num" : { | |
| "type" : "long" | |
| }, | |
| "attack_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "audit_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "auth_method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "authority_rdata" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "authorization" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bcc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "blade_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "broker_publisher" : { | |
| "type" : "ip" | |
| }, | |
| "browse_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "c_bytes" : { | |
| "type" : "long" | |
| }, | |
| "calc_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "capacity" : { | |
| "type" : "long" | |
| }, | |
| "capture_uuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certificate_resource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certificate_validation" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cgnet" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "chunk_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client_type_os" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cluster_info" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "community" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "confidence_level" : { | |
| "type" : "long" | |
| }, | |
| "connection_uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "connectivity_level" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "connectivity_state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "conns_amount" : { | |
| "type" : "long" | |
| }, | |
| "content_disposition" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "content_length" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "content_risk" : { | |
| "type" : "long" | |
| }, | |
| "content_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "context_num" : { | |
| "type" : "long" | |
| }, | |
| "cookie" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cookieI" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cookieR" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cp_message" : { | |
| "type" : "long" | |
| }, | |
| "cvpn_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cvpn_resource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "data_type_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dce-rpc_interface_uuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "delivery_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destination_object" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "detected_on" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "developer_certificate_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "diameter_app_ID" : { | |
| "type" : "long" | |
| }, | |
| "diameter_cmd_code" : { | |
| "type" : "long" | |
| }, | |
| "diameter_msg_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_action_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_additional_action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_categories" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_data_type_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_data_type_uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_fingerprint_files_number" : { | |
| "type" : "long" | |
| }, | |
| "dlp_fingerprint_long_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_fingerprint_short_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_incident_uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_recipients" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_related_incident_uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_relevant_data_types" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_repository_directories_number" : { | |
| "type" : "long" | |
| }, | |
| "dlp_repository_files_number" : { | |
| "type" : "long" | |
| }, | |
| "dlp_repository_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_repository_not_scanned_directories_percentage" : { | |
| "type" : "long" | |
| }, | |
| "dlp_repository_reached_directories_number" : { | |
| "type" : "long" | |
| }, | |
| "dlp_repository_root_path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_repository_scan_progress" : { | |
| "type" : "long" | |
| }, | |
| "dlp_repository_scanned_directories_number" : { | |
| "type" : "long" | |
| }, | |
| "dlp_repository_scanned_files_number" : { | |
| "type" : "long" | |
| }, | |
| "dlp_repository_scanned_total_size" : { | |
| "type" : "long" | |
| }, | |
| "dlp_repository_skipped_files_number" : { | |
| "type" : "long" | |
| }, | |
| "dlp_repository_total_size" : { | |
| "type" : "long" | |
| }, | |
| "dlp_repository_unreachable_directories_number" : { | |
| "type" : "long" | |
| }, | |
| "dlp_rule_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_template_score" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_transint" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_violation_description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_watermark_profile" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dlp_word_list" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dns_query" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "drop_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dropped_file_hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dropped_file_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dropped_file_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dropped_file_verdict" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dropped_incoming" : { | |
| "type" : "long" | |
| }, | |
| "dropped_outgoing" : { | |
| "type" : "long" | |
| }, | |
| "dropped_total" : { | |
| "type" : "long" | |
| }, | |
| "drops_amount" : { | |
| "type" : "long" | |
| }, | |
| "dst_country" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dst_phone_number" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dst_user_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstkeyid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "duplicate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "duration" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "elapsed" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_control" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_control_analysis" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_headers" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_message_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_queue_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_queue_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_recipients_num" : { | |
| "type" : "long" | |
| }, | |
| "email_session_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_spam_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_spool_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "emulated_on" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "encryption_failure" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "end_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "end_user_firewall_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "esod_access_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "esod_associated_policies" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "esod_noncompliance_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "esod_rule_action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "esod_rule_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "esod_rule_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "esod_scan_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_count" : { | |
| "type" : "long" | |
| }, | |
| "expire_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "extension_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "extracted_file_hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "extracted_file_names" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "extracted_file_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "extracted_file_uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "extracted_file_verdict" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "failure_impact" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "failure_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file_direction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "files_names" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "first_hit_time" : { | |
| "type" : "long" | |
| }, | |
| "frequency" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fs-proto" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ftp_user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fw_message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fw_subproduct" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hide_ip" : { | |
| "type" : "ip" | |
| }, | |
| "hit" : { | |
| "type" : "long" | |
| }, | |
| "host_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "http_host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "http_location" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "http_server" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "https_inspection_action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "https_inspection_rule_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "https_inspection_rule_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "https_validation" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icap_more_info" : { | |
| "type" : "long" | |
| }, | |
| "icap_server_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icap_server_service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icap_service_id" : { | |
| "type" : "long" | |
| }, | |
| "icmp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icmp_code" : { | |
| "type" : "long" | |
| }, | |
| "icmp_type" : { | |
| "type" : "long" | |
| }, | |
| "id" : { | |
| "type" : "long" | |
| }, | |
| "identity_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ike" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ike_ids" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "impacted_files" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "incident_extension" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "indicator_description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "indicator_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "indicator_reference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "indicator_uuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "info" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "information" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "inspection_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "inspection_item" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "inspection_profile" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "inspection_settings_log" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "installed_products" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "int_end" : { | |
| "type" : "long" | |
| }, | |
| "int_start" : { | |
| "type" : "long" | |
| }, | |
| "integrity_av_invoke_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "interface_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "internal_error" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "invalid_file_size" : { | |
| "type" : "long" | |
| }, | |
| "ip_option" : { | |
| "type" : "long" | |
| }, | |
| "isp_link" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "last_hit_time" : { | |
| "type" : "long" | |
| }, | |
| "last_rematch_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "layer_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "layer_uuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "limit_applied" : { | |
| "type" : "long" | |
| }, | |
| "limit_requested" : { | |
| "type" : "long" | |
| }, | |
| "link_probing_status_update" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "links_num" : { | |
| "type" : "long" | |
| }, | |
| "log_delay" : { | |
| "type" : "long" | |
| }, | |
| "log_id" : { | |
| "type" : "long" | |
| }, | |
| "logid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "long_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "machine" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "malware_family" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "match_fk" : { | |
| "type" : "long" | |
| }, | |
| "match_id" : { | |
| "type" : "long" | |
| }, | |
| "matched_file" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "matched_file_percentage" : { | |
| "type" : "long" | |
| }, | |
| "matched_file_text_segments" : { | |
| "type" : "long" | |
| }, | |
| "media_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message_info" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message_size" : { | |
| "type" : "long" | |
| }, | |
| "method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "methods" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mime_from" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mime_to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mirror_and_decrypt_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_collection" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_command_and_control" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_credential_access" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_defense_evasion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_discovery" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_execution" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_exfiltration" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_impact" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_initial_access" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_lateral_movement" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_persistence" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_privilege_escalation" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "monitor_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msgid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat46" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat_addtnl_rulenum" : { | |
| "type" : "long" | |
| }, | |
| "nat_exhausted_pool" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat_rulenum" : { | |
| "type" : "long" | |
| }, | |
| "needs_browse_time" : { | |
| "type" : "long" | |
| }, | |
| "next_hop_ip" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "next_scheduled_scan_date" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "number_of_errors" : { | |
| "type" : "long" | |
| }, | |
| "objecttable" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "objecttype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "observable_comment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "observable_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "observable_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operation" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operation_number" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "origin_sic_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "original_queue_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "outgoing_url" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "packet_amount" : { | |
| "type" : "long" | |
| }, | |
| "packet_capture_unique_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parent_file_hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parent_file_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parent_file_uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parent_process_username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parent_rule" : { | |
| "type" : "long" | |
| }, | |
| "peer_gateway" : { | |
| "type" : "ip" | |
| }, | |
| "peer_ip" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "peer_ip_probing_status_update" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "performance_impact" : { | |
| "type" : "long" | |
| }, | |
| "policy_mgmt" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policy_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ports_usage" : { | |
| "type" : "long" | |
| }, | |
| "ppp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "precise_error" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "process_username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "properties" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "protection_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "protection_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "protection_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "proxy_machine_name" : { | |
| "type" : "long" | |
| }, | |
| "proxy_src_ip" : { | |
| "type" : "ip" | |
| }, | |
| "proxy_user_dn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "proxy_user_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "query" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "question_rdata" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "referrer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "referrer_parent_uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "referrer_self_uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "registered_ip-phones" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reject_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reject_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rematch_info" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "remediated_files" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reply_status" : { | |
| "type" : "long" | |
| }, | |
| "risk" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rpc_prog" : { | |
| "type" : "long" | |
| }, | |
| "rule" : { | |
| "type" : "long" | |
| }, | |
| "rule_action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rulebase_id" : { | |
| "type" : "long" | |
| }, | |
| "scan_direction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scan_hosts_day" : { | |
| "type" : "long" | |
| }, | |
| "scan_hosts_hour" : { | |
| "type" : "long" | |
| }, | |
| "scan_hosts_week" : { | |
| "type" : "long" | |
| }, | |
| "scan_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scan_mail" : { | |
| "type" : "long" | |
| }, | |
| "scan_result" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scan_results" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scheme" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scope" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scrub_activity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scrub_download_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scrub_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scrub_total_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scrubbed_content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sctp_association_state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sctp_error" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scv_message_info" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scv_user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "securexl_message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sensor_mode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "session_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "session_uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "severity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "short_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sig_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "similar_communication" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "similar_hashes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "similar_strings" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "similiar_iocs" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sip_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "site_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_object" : { | |
| "type" : "long" | |
| }, | |
| "source_os" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "special_properties" : { | |
| "type" : "long" | |
| }, | |
| "specific_data_type_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "speed" : { | |
| "type" : "long" | |
| }, | |
| "spyware_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "spyware_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "spyware_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "src_country" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "src_phone_number" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "src_user_dn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "src_user_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srckeyid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status_update" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sub_policy_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sub_policy_uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subs_exp" : { | |
| "type" : "date" | |
| }, | |
| "subscriber" : { | |
| "type" : "ip" | |
| }, | |
| "summary" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "suppressed_logs" : { | |
| "type" : "long" | |
| }, | |
| "sync" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sys_message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tcp_end_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tcp_flags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tcp_packet_out_of_state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tcp_state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "te_verdict_determined_by" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "termination_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ticket_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tls_server_host_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "top_archive_file_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "total_attachments" : { | |
| "type" : "long" | |
| }, | |
| "triggered_by" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trusted_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "unique_detected_day" : { | |
| "type" : "long" | |
| }, | |
| "unique_detected_hour" : { | |
| "type" : "long" | |
| }, | |
| "unique_detected_week" : { | |
| "type" : "long" | |
| }, | |
| "update_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "url" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_agent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "uuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vendor_list" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "verdict" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "via" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "virus_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_attach_action_info" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_attach_sz" : { | |
| "type" : "long" | |
| }, | |
| "voip_call_dir" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_call_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_call_state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_call_term_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_config" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_duration" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_est_codec" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_exp" : { | |
| "type" : "long" | |
| }, | |
| "voip_from_user_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_log_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_media_codec" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_media_ipp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_media_port" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_reason_info" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_reg_int" : { | |
| "type" : "long" | |
| }, | |
| "voip_reg_ipp" : { | |
| "type" : "long" | |
| }, | |
| "voip_reg_period" : { | |
| "type" : "long" | |
| }, | |
| "voip_reg_server" : { | |
| "type" : "ip" | |
| }, | |
| "voip_reg_user_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_reject_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "voip_to_user_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpn_feature_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "watermark" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "web_server_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "word_list" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "cisco" : { | |
| "properties" : { | |
| "asa" : { | |
| "properties" : { | |
| "assigned_ip" : { | |
| "type" : "ip" | |
| }, | |
| "burst" : { | |
| "properties" : { | |
| "avg_rate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "configured_avg_rate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "configured_rate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cumulative_count" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "current_rate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "object" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "command_line_arguments" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "connection_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "connection_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dap_records" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destination_interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destination_username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icmp_code" : { | |
| "type" : "short" | |
| }, | |
| "icmp_type" : { | |
| "type" : "short" | |
| }, | |
| "mapped_destination_host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mapped_destination_ip" : { | |
| "type" : "ip" | |
| }, | |
| "mapped_destination_port" : { | |
| "type" : "long" | |
| }, | |
| "mapped_source_host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mapped_source_ip" : { | |
| "type" : "ip" | |
| }, | |
| "mapped_source_port" : { | |
| "type" : "long" | |
| }, | |
| "message_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "privilege" : { | |
| "properties" : { | |
| "new" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "old" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "rule_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "suffix" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threat_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threat_level" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ftd" : { | |
| "properties" : { | |
| "connection_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "connection_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dap_records" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destination_interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destination_username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icmp_code" : { | |
| "type" : "short" | |
| }, | |
| "icmp_type" : { | |
| "type" : "short" | |
| }, | |
| "mapped_destination_host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mapped_destination_ip" : { | |
| "type" : "ip" | |
| }, | |
| "mapped_destination_port" : { | |
| "type" : "long" | |
| }, | |
| "mapped_source_host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mapped_source_ip" : { | |
| "type" : "ip" | |
| }, | |
| "mapped_source_port" : { | |
| "type" : "long" | |
| }, | |
| "message_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rule_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "security" : { | |
| "type" : "object" | |
| }, | |
| "source_interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "suffix" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threat_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threat_level" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ios" : { | |
| "properties" : { | |
| "access_list" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "facility" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "client" : { | |
| "properties" : { | |
| "address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "as" : { | |
| "properties" : { | |
| "number" : { | |
| "type" : "long" | |
| }, | |
| "organization" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "bytes" : { | |
| "type" : "long" | |
| }, | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "geo" : { | |
| "properties" : { | |
| "city_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "continent_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "location" : { | |
| "type" : "geo_point" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "mac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat" : { | |
| "properties" : { | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "packets" : { | |
| "type" : "long" | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| }, | |
| "registered_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "top_level_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "full_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "group" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "cloud" : { | |
| "properties" : { | |
| "account" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "availability_zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "image" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "instance" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "machine" : { | |
| "properties" : { | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "project" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "provider" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "code_signature" : { | |
| "properties" : { | |
| "exists" : { | |
| "type" : "boolean" | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trusted" : { | |
| "type" : "boolean" | |
| }, | |
| "valid" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "container" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "image" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "labels" : { | |
| "type" : "object" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "runtime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "coredns" : { | |
| "properties" : { | |
| "dnssec_ok" : { | |
| "type" : "boolean" | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "query" : { | |
| "properties" : { | |
| "class" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "size" : { | |
| "type" : "long" | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "response" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "flags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "size" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "crowdstrike" : { | |
| "properties" : { | |
| "event" : { | |
| "properties" : { | |
| "AuditKeyValues" : { | |
| "type" : "nested" | |
| }, | |
| "CommandLine" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Commands" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ComputerName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ConnectionDirection" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "CustomerId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "DetectDescription" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "DetectId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "DetectName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "DeviceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "EndTimestamp" : { | |
| "type" : "date" | |
| }, | |
| "EventType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ExecutablesWritten" : { | |
| "type" : "nested" | |
| }, | |
| "FalconHostLink" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "FileName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "FilePath" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "FineScore" : { | |
| "type" : "float" | |
| }, | |
| "Flags" : { | |
| "properties" : { | |
| "Audit" : { | |
| "type" : "boolean" | |
| }, | |
| "Log" : { | |
| "type" : "boolean" | |
| }, | |
| "Monitor" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "GrandparentCommandLine" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "GrandparentImageFileName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "HostName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "HostnameField" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ICMPCode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ICMPType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "IOCType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "IOCValue" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ImageFileName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "IncidentEndTime" : { | |
| "type" : "date" | |
| }, | |
| "IncidentStartTime" : { | |
| "type" : "date" | |
| }, | |
| "Ipv" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "LateralMovement" : { | |
| "type" : "long" | |
| }, | |
| "LocalAddress" : { | |
| "type" : "ip" | |
| }, | |
| "LocalIP" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "LocalPort" : { | |
| "type" : "long" | |
| }, | |
| "MACAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "MD5String" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "MachineDomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "MatchCount" : { | |
| "type" : "long" | |
| }, | |
| "MatchCountSinceLastReport" : { | |
| "type" : "long" | |
| }, | |
| "NetworkProfile" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Objective" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "OperationName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "PID" : { | |
| "type" : "long" | |
| }, | |
| "ParentCommandLine" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ParentImageFileName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ParentProcessId" : { | |
| "type" : "long" | |
| }, | |
| "PatternDispositionDescription" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "PatternDispositionFlags" : { | |
| "type" : "object" | |
| }, | |
| "PatternDispositionValue" : { | |
| "type" : "long" | |
| }, | |
| "PolicyID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "PolicyName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ProcessEndTime" : { | |
| "type" : "date" | |
| }, | |
| "ProcessId" : { | |
| "type" : "long" | |
| }, | |
| "ProcessStartTime" : { | |
| "type" : "date" | |
| }, | |
| "Protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "RemoteAddress" : { | |
| "type" : "ip" | |
| }, | |
| "RemotePort" : { | |
| "type" : "long" | |
| }, | |
| "RuleAction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "RuleDescription" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "RuleFamilyID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "RuleGroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "RuleId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "RuleName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SHA1String" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SHA256String" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SensorId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ServiceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SessionId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Severity" : { | |
| "type" : "long" | |
| }, | |
| "SeverityName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "StartTimestamp" : { | |
| "type" : "date" | |
| }, | |
| "State" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Success" : { | |
| "type" : "boolean" | |
| }, | |
| "Tactic" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Technique" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Timestamp" : { | |
| "type" : "date" | |
| }, | |
| "TreeID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "UTCTimestamp" : { | |
| "type" : "date" | |
| }, | |
| "UserId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "UserIp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "UserName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "metadata" : { | |
| "properties" : { | |
| "customerIDString" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventCreationTime" : { | |
| "type" : "date" | |
| }, | |
| "eventType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "offset" : { | |
| "type" : "long" | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "destination" : { | |
| "properties" : { | |
| "address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "as" : { | |
| "properties" : { | |
| "number" : { | |
| "type" : "long" | |
| }, | |
| "organization" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "bytes" : { | |
| "type" : "long" | |
| }, | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "geo" : { | |
| "properties" : { | |
| "city_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "continent_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "location" : { | |
| "type" : "geo_point" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "mac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat" : { | |
| "properties" : { | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "packets" : { | |
| "type" : "long" | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| }, | |
| "registered_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "service" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "top_level_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "full_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "group" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "dll" : { | |
| "properties" : { | |
| "code_signature" : { | |
| "properties" : { | |
| "exists" : { | |
| "type" : "boolean" | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trusted" : { | |
| "type" : "boolean" | |
| }, | |
| "valid" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "hash" : { | |
| "properties" : { | |
| "md5" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha256" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha512" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pe" : { | |
| "properties" : { | |
| "company" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "original_file_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "product" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "dns" : { | |
| "properties" : { | |
| "answers" : { | |
| "properties" : { | |
| "class" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "data" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ttl" : { | |
| "type" : "long" | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "header_flags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "op_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "question" : { | |
| "properties" : { | |
| "class" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "registered_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subdomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "top_level_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "resolved_ip" : { | |
| "type" : "ip" | |
| }, | |
| "response_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "docker" : { | |
| "properties" : { | |
| "attrs" : { | |
| "type" : "object" | |
| }, | |
| "container" : { | |
| "properties" : { | |
| "labels" : { | |
| "type" : "object" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ecs" : { | |
| "properties" : { | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "elasticsearch" : { | |
| "properties" : { | |
| "audit" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "indices" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "layer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "origin" : { | |
| "properties" : { | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "realm" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "request" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "url" : { | |
| "properties" : { | |
| "params" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "user" : { | |
| "properties" : { | |
| "realm" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "roles" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "cluster" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "uuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "component" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deprecation" : { | |
| "type" : "object" | |
| }, | |
| "gc" : { | |
| "properties" : { | |
| "heap" : { | |
| "properties" : { | |
| "size_kb" : { | |
| "type" : "long" | |
| }, | |
| "used_kb" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "jvm_runtime_sec" : { | |
| "type" : "float" | |
| }, | |
| "old_gen" : { | |
| "properties" : { | |
| "size_kb" : { | |
| "type" : "long" | |
| }, | |
| "used_kb" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "phase" : { | |
| "properties" : { | |
| "class_unload_time_sec" : { | |
| "type" : "float" | |
| }, | |
| "cpu_time" : { | |
| "properties" : { | |
| "real_sec" : { | |
| "type" : "float" | |
| }, | |
| "sys_sec" : { | |
| "type" : "float" | |
| }, | |
| "user_sec" : { | |
| "type" : "float" | |
| } | |
| } | |
| }, | |
| "duration_sec" : { | |
| "type" : "float" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parallel_rescan_time_sec" : { | |
| "type" : "float" | |
| }, | |
| "scrub_string_table_time_sec" : { | |
| "type" : "float" | |
| }, | |
| "scrub_symbol_table_time_sec" : { | |
| "type" : "float" | |
| }, | |
| "weak_refs_processing_time_sec" : { | |
| "type" : "float" | |
| } | |
| } | |
| }, | |
| "stopping_threads_time_sec" : { | |
| "type" : "float" | |
| }, | |
| "tags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threads_total_stop_time_sec" : { | |
| "type" : "float" | |
| }, | |
| "young_gen" : { | |
| "properties" : { | |
| "size_kb" : { | |
| "type" : "long" | |
| }, | |
| "used_kb" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "index" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "node" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "server" : { | |
| "properties" : { | |
| "gc" : { | |
| "properties" : { | |
| "collection_duration" : { | |
| "properties" : { | |
| "ms" : { | |
| "type" : "float" | |
| } | |
| } | |
| }, | |
| "observation_duration" : { | |
| "properties" : { | |
| "ms" : { | |
| "type" : "float" | |
| } | |
| } | |
| }, | |
| "overhead_seq" : { | |
| "type" : "long" | |
| }, | |
| "young" : { | |
| "properties" : { | |
| "one" : { | |
| "type" : "long" | |
| }, | |
| "two" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "stacktrace" : { | |
| "type" : "keyword", | |
| "index" : false, | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "shard" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "slowlog" : { | |
| "properties" : { | |
| "extra_source" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "logger" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "routing" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "search_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_query" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stats" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "took" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "total_hits" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "total_shards" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "types" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "envoyproxy" : { | |
| "properties" : { | |
| "authority" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "proxy_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "request_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "response_flags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "upstream_service_time" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "error" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "stack_trace" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "errorCode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "errorMessage" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "created" : { | |
| "type" : "date" | |
| }, | |
| "dataset" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "duration" : { | |
| "type" : "long" | |
| }, | |
| "end" : { | |
| "type" : "date" | |
| }, | |
| "hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ingested" : { | |
| "type" : "date" | |
| }, | |
| "kind" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "module" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "original" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "outcome" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "provider" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "risk_score" : { | |
| "type" : "float" | |
| }, | |
| "risk_score_norm" : { | |
| "type" : "float" | |
| }, | |
| "sequence" : { | |
| "type" : "long" | |
| }, | |
| "severity" : { | |
| "type" : "long" | |
| }, | |
| "start" : { | |
| "type" : "date" | |
| }, | |
| "timezone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "url" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "eventCategory" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventSource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fields" : { | |
| "type" : "object" | |
| }, | |
| "file" : { | |
| "properties" : { | |
| "accessed" : { | |
| "type" : "date" | |
| }, | |
| "attributes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "code_signature" : { | |
| "properties" : { | |
| "exists" : { | |
| "type" : "boolean" | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trusted" : { | |
| "type" : "boolean" | |
| }, | |
| "valid" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "created" : { | |
| "type" : "date" | |
| }, | |
| "ctime" : { | |
| "type" : "date" | |
| }, | |
| "device" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "directory" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "drive_letter" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1 | |
| }, | |
| "extension" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "gid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hash" : { | |
| "properties" : { | |
| "md5" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha256" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha512" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "inode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mime_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mtime" : { | |
| "type" : "date" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "owner" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "pe" : { | |
| "properties" : { | |
| "company" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "original_file_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "product" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "size" : { | |
| "type" : "long" | |
| }, | |
| "target_path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "fileset" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "forcepoint" : { | |
| "properties" : { | |
| "virus_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "fortinet" : { | |
| "properties" : { | |
| "file" : { | |
| "properties" : { | |
| "hash" : { | |
| "properties" : { | |
| "crc32" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "firewall" : { | |
| "properties" : { | |
| "acct_stat" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "acktime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "act" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "activity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "addr" : { | |
| "type" : "ip" | |
| }, | |
| "addr_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "addrgrp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "adgroup" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "admin" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "age" : { | |
| "type" : "long" | |
| }, | |
| "agent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "alarmid" : { | |
| "type" : "long" | |
| }, | |
| "alert" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "analyticscksum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "analyticssubmit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ap" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app-type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "appact" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "appid" : { | |
| "type" : "long" | |
| }, | |
| "applist" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "apprisk" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "apscan" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "apsn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "apstatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aptype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assigned" : { | |
| "type" : "ip" | |
| }, | |
| "assignip" : { | |
| "type" : "ip" | |
| }, | |
| "attachment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "attack" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "attackcontext" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "attackcontextid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "attackid" : { | |
| "type" : "long" | |
| }, | |
| "auditid" : { | |
| "type" : "long" | |
| }, | |
| "auditscore" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "audittime" : { | |
| "type" : "long" | |
| }, | |
| "authgrp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "authid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "authproto" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "authserver" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bandwidth" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "banned_rule" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "banned_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "banword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "botnetdomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "botnetip" : { | |
| "type" : "ip" | |
| }, | |
| "bssid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "call_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "carrier_ep" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cat" : { | |
| "type" : "long" | |
| }, | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cdrcontent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "centralnatid" : { | |
| "type" : "long" | |
| }, | |
| "cert" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert-type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certhash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cfgattr" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cfgobj" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cfgpath" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cfgtid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cfgtxpower" : { | |
| "type" : "long" | |
| }, | |
| "channel" : { | |
| "type" : "long" | |
| }, | |
| "channeltype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "chassisid" : { | |
| "type" : "long" | |
| }, | |
| "checksum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "chgheaders" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cldobjid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client_addr" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cloudaction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "clouduser" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "column" : { | |
| "type" : "long" | |
| }, | |
| "command" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "community" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "configcountry" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "connection_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "conserve" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "constraint" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "contentdisarmed" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "contenttype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cookies" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "count" : { | |
| "type" : "long" | |
| }, | |
| "countapp" : { | |
| "type" : "long" | |
| }, | |
| "countav" : { | |
| "type" : "long" | |
| }, | |
| "countcifs" : { | |
| "type" : "long" | |
| }, | |
| "countdlp" : { | |
| "type" : "long" | |
| }, | |
| "countdns" : { | |
| "type" : "long" | |
| }, | |
| "countemail" : { | |
| "type" : "long" | |
| }, | |
| "countff" : { | |
| "type" : "long" | |
| }, | |
| "countips" : { | |
| "type" : "long" | |
| }, | |
| "countssh" : { | |
| "type" : "long" | |
| }, | |
| "countssl" : { | |
| "type" : "long" | |
| }, | |
| "countwaf" : { | |
| "type" : "long" | |
| }, | |
| "countweb" : { | |
| "type" : "long" | |
| }, | |
| "cpu" : { | |
| "type" : "long" | |
| }, | |
| "craction" : { | |
| "type" : "long" | |
| }, | |
| "criticalcount" : { | |
| "type" : "long" | |
| }, | |
| "crl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "crlevel" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "crscore" : { | |
| "type" : "long" | |
| }, | |
| "cveid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "daemon" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "datarange" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "date" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ddnsserver" : { | |
| "type" : "ip" | |
| }, | |
| "desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "detectionmethod" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "devcategory" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "devintfname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "devtype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dhcp_msg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dintf" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "disk" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "disklograte" : { | |
| "type" : "long" | |
| }, | |
| "dlpextra" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "docsource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "domainctrlauthstate" : { | |
| "type" : "long" | |
| }, | |
| "domainctrlauthtype" : { | |
| "type" : "long" | |
| }, | |
| "domainctrldomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "domainctrlip" : { | |
| "type" : "ip" | |
| }, | |
| "domainctrlname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "domainctrlprotocoltype" : { | |
| "type" : "long" | |
| }, | |
| "domainctrlusername" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "domainfilteridx" : { | |
| "type" : "long" | |
| }, | |
| "domainfilterlist" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dst_int" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstcountry" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstdevcategory" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstdevtype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstfamily" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dsthwvendor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dsthwversion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstinetsvc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstintfrole" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstosname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstosversion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstserver" : { | |
| "type" : "long" | |
| }, | |
| "dstssid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstswversion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstunauthusersource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstuuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "duid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eapolcnt" : { | |
| "type" : "long" | |
| }, | |
| "eapoltype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "encrypt" : { | |
| "type" : "long" | |
| }, | |
| "encryption" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "epoch" : { | |
| "type" : "long" | |
| }, | |
| "espauth" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "esptransform" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "exch" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "exchange" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "expectedsignature" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "expiry" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fams_pause" : { | |
| "type" : "long" | |
| }, | |
| "fazlograte" : { | |
| "type" : "long" | |
| }, | |
| "fctemssn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fctuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "field" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filefilter" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filehashsrc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filtercat" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filteridx" : { | |
| "type" : "long" | |
| }, | |
| "filtername" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filtertype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fortiguardresp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "forwardedfor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fqdn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "frametype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "freediskstorage" : { | |
| "type" : "long" | |
| }, | |
| "from" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "from_vcluster" : { | |
| "type" : "long" | |
| }, | |
| "fsaverdict" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fwserver_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "gateway" : { | |
| "type" : "ip" | |
| }, | |
| "green" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupid" : { | |
| "type" : "long" | |
| }, | |
| "ha-prio" : { | |
| "type" : "long" | |
| }, | |
| "ha_group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ha_role" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "handshake" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hbdn_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "highcount" : { | |
| "type" : "long" | |
| }, | |
| "host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "iaid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icmpcode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icmpid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icmptype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "identifier" : { | |
| "type" : "long" | |
| }, | |
| "in_spi" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "incidentserialno" : { | |
| "type" : "long" | |
| }, | |
| "infected" : { | |
| "type" : "long" | |
| }, | |
| "infectedfilelevel" : { | |
| "type" : "long" | |
| }, | |
| "informationsource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "init" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "initiator" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "intf" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "invalidmac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "iptype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "kind" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lanin" : { | |
| "type" : "long" | |
| }, | |
| "lanout" : { | |
| "type" : "long" | |
| }, | |
| "lease" : { | |
| "type" : "long" | |
| }, | |
| "license_limit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "limit" : { | |
| "type" : "long" | |
| }, | |
| "line" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "live" : { | |
| "type" : "long" | |
| }, | |
| "local" : { | |
| "type" : "ip" | |
| }, | |
| "log" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "login" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lowcount" : { | |
| "type" : "long" | |
| }, | |
| "mac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "malform_data" : { | |
| "type" : "long" | |
| }, | |
| "malform_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "manuf" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "masterdstmac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mastersrcmac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mediumcount" : { | |
| "type" : "long" | |
| }, | |
| "mem" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "meshmode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mgmtcnt" : { | |
| "type" : "long" | |
| }, | |
| "mode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "module" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "monitor-name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "monitor-type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mpsk" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msgproto" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mtu" : { | |
| "type" : "long" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "netid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "new_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "new_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "newchannel" : { | |
| "type" : "long" | |
| }, | |
| "newchassisid" : { | |
| "type" : "long" | |
| }, | |
| "newslot" : { | |
| "type" : "long" | |
| }, | |
| "nextstat" : { | |
| "type" : "long" | |
| }, | |
| "nf_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "noise" : { | |
| "type" : "long" | |
| }, | |
| "old_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "old_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "oldchannel" : { | |
| "type" : "long" | |
| }, | |
| "oldchassisid" : { | |
| "type" : "long" | |
| }, | |
| "oldslot" : { | |
| "type" : "long" | |
| }, | |
| "oldsn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "oldwprof" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "onwire" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "opercountry" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "opertxpower" : { | |
| "type" : "long" | |
| }, | |
| "osname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "osversion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "out_spi" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "outintf" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "passedcount" : { | |
| "type" : "long" | |
| }, | |
| "passwd" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "peer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "peer_notif" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "phase2_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "phone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pid" : { | |
| "type" : "long" | |
| }, | |
| "policytype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "poolname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| }, | |
| "portbegin" : { | |
| "type" : "long" | |
| }, | |
| "portend" : { | |
| "type" : "long" | |
| }, | |
| "probeproto" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "process" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "processtime" : { | |
| "type" : "long" | |
| }, | |
| "profile" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "profile_vd" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "profilegroup" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "profiletype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "qtypeval" : { | |
| "type" : "long" | |
| }, | |
| "quarskip" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quotaexceeded" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quotamax" : { | |
| "type" : "long" | |
| }, | |
| "quotatype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quotaused" : { | |
| "type" : "long" | |
| }, | |
| "radioband" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "radioid" : { | |
| "type" : "long" | |
| }, | |
| "radioidclosest" : { | |
| "type" : "long" | |
| }, | |
| "radioiddetected" : { | |
| "type" : "long" | |
| }, | |
| "rate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rawdata" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rawdataid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rcvddelta" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "received" : { | |
| "type" : "long" | |
| }, | |
| "receivedsignature" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "red" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "referralurl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "remote" : { | |
| "type" : "ip" | |
| }, | |
| "remotewtptime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reporttype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reqtype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "request_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "result" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "role" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rssi" : { | |
| "type" : "long" | |
| }, | |
| "rsso_key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ruledata" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ruletype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scanned" : { | |
| "type" : "long" | |
| }, | |
| "scantime" : { | |
| "type" : "long" | |
| }, | |
| "scope" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "security" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sensitivity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sensor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sentdelta" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "seq" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serial" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serialno" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "server" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "session_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sessionid" : { | |
| "type" : "long" | |
| }, | |
| "setuprate" : { | |
| "type" : "long" | |
| }, | |
| "severity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "shaperdroprcvdbyte" : { | |
| "type" : "long" | |
| }, | |
| "shaperdropsentbyte" : { | |
| "type" : "long" | |
| }, | |
| "shaperperipdropbyte" : { | |
| "type" : "long" | |
| }, | |
| "shaperperipname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "shaperrcvdname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "shapersentname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "shapingpolicyid" : { | |
| "type" : "long" | |
| }, | |
| "signal" : { | |
| "type" : "long" | |
| }, | |
| "size" : { | |
| "type" : "long" | |
| }, | |
| "slot" : { | |
| "type" : "long" | |
| }, | |
| "sn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "snclosest" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sndetected" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "snmeshparent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "spi" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "src_int" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srccountry" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srcfamily" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srchwvendor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srchwversion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srcinetsvc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srcintfrole" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srcname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srcserver" : { | |
| "type" : "long" | |
| }, | |
| "srcssid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srcswversion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srcuuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sscname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ssid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sslaction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ssllocal" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sslremote" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stacount" : { | |
| "type" : "long" | |
| }, | |
| "stage" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stamac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stitch" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "submodule" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subservice" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subtype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "suspicious" : { | |
| "type" : "long" | |
| }, | |
| "switchproto" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sync_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sync_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sysuptime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tamac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threattype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "to_vcluster" : { | |
| "type" : "long" | |
| }, | |
| "total" : { | |
| "type" : "long" | |
| }, | |
| "totalsession" : { | |
| "type" : "long" | |
| }, | |
| "trace_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trandisp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "transid" : { | |
| "type" : "long" | |
| }, | |
| "translationid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trigger" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trueclntip" : { | |
| "type" : "ip" | |
| }, | |
| "tunnelid" : { | |
| "type" : "long" | |
| }, | |
| "tunnelip" : { | |
| "type" : "ip" | |
| }, | |
| "tunneltype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ui" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "unauthusersource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "unit" : { | |
| "type" : "long" | |
| }, | |
| "urlfilteridx" : { | |
| "type" : "long" | |
| }, | |
| "urlfilterlist" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "urlsource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "urltype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "used" : { | |
| "type" : "long" | |
| }, | |
| "used_for_type" : { | |
| "type" : "long" | |
| }, | |
| "utmaction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vap" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vapmode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vcluster" : { | |
| "type" : "long" | |
| }, | |
| "vcluster_member" : { | |
| "type" : "long" | |
| }, | |
| "vcluster_state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vd" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vdname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vendorurl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vip" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "virus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "virusid" : { | |
| "type" : "long" | |
| }, | |
| "voip_proto" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpntunnel" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpntype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vrf" : { | |
| "type" : "long" | |
| }, | |
| "vulncat" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vulnid" : { | |
| "type" : "long" | |
| }, | |
| "vulnname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vwlid" : { | |
| "type" : "long" | |
| }, | |
| "vwlquality" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vwlservice" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vwpvlanid" : { | |
| "type" : "long" | |
| }, | |
| "wanin" : { | |
| "type" : "long" | |
| }, | |
| "wanoptapptype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "wanout" : { | |
| "type" : "long" | |
| }, | |
| "weakwepiv" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "xauthgroup" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "xauthuser" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "xid" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "geo" : { | |
| "properties" : { | |
| "city_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "continent_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "location" : { | |
| "type" : "geo_point" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "googlecloud" : { | |
| "properties" : { | |
| "audit" : { | |
| "properties" : { | |
| "authentication_info" : { | |
| "properties" : { | |
| "authority_selector" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "principal_email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "method_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "num_response_items" : { | |
| "type" : "long" | |
| }, | |
| "request" : { | |
| "properties" : { | |
| "filter" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "proto_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resource_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "request_metadata" : { | |
| "properties" : { | |
| "caller_ip" : { | |
| "type" : "ip" | |
| }, | |
| "caller_supplied_user_agent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "resource_location" : { | |
| "properties" : { | |
| "current_locations" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "resource_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "response" : { | |
| "properties" : { | |
| "details" : { | |
| "properties" : { | |
| "group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "kind" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "proto_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "service_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "long" | |
| }, | |
| "message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "destination" : { | |
| "properties" : { | |
| "instance" : { | |
| "properties" : { | |
| "project_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vpc" : { | |
| "properties" : { | |
| "project_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetwork_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpc_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "firewall" : { | |
| "properties" : { | |
| "rule_details" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destination_range" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "direction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "priority" : { | |
| "type" : "long" | |
| }, | |
| "reference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_range" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_service_account" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_tag" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "target_service_account" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "target_tag" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "source" : { | |
| "properties" : { | |
| "instance" : { | |
| "properties" : { | |
| "project_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vpc" : { | |
| "properties" : { | |
| "project_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetwork_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpc_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "vpcflow" : { | |
| "properties" : { | |
| "reporter" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rtt" : { | |
| "properties" : { | |
| "ms" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "group" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "gsuite" : { | |
| "properties" : { | |
| "actor" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "admin" : { | |
| "properties" : { | |
| "alert" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "api" : { | |
| "properties" : { | |
| "client" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "scopes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "application" : { | |
| "properties" : { | |
| "asp_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "edition" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "enabled" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "licences_order_number" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "licences_purchased" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "package_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "bulk_upload" : { | |
| "properties" : { | |
| "failed" : { | |
| "type" : "long" | |
| }, | |
| "total" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "chrome_licenses" : { | |
| "properties" : { | |
| "allowed" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "enabled" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "chrome_os" : { | |
| "properties" : { | |
| "session_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "device" : { | |
| "properties" : { | |
| "command_details" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serial_number" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "distribution" : { | |
| "properties" : { | |
| "entity" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "domain" : { | |
| "properties" : { | |
| "alias" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "secondary_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "email" : { | |
| "properties" : { | |
| "log_search_filter" : { | |
| "properties" : { | |
| "end_date" : { | |
| "type" : "date" | |
| }, | |
| "message_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "recipient" : { | |
| "properties" : { | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "sender" : { | |
| "properties" : { | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "start_date" : { | |
| "type" : "date" | |
| } | |
| } | |
| }, | |
| "quarantine_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "email_dump" : { | |
| "properties" : { | |
| "include_deleted" : { | |
| "type" : "boolean" | |
| }, | |
| "package_content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "query" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "email_monitor" : { | |
| "properties" : { | |
| "dest_email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "level" : { | |
| "properties" : { | |
| "chat" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "draft" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "incoming" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "outgoing" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "field" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "gateway" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "group" : { | |
| "properties" : { | |
| "allowed_list" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "priorities" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "info_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "managed_configuration" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mdm" : { | |
| "properties" : { | |
| "token" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vendor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "mobile" : { | |
| "properties" : { | |
| "action" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "certificate" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "company_owned_devices" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "new_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "non_featured_services_selection" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "oauth2" : { | |
| "properties" : { | |
| "application" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "service" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "old_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "org_unit" : { | |
| "properties" : { | |
| "full" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "print_server" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "printer" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "privilege" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "product" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sku" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "request" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "resource" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "role" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "rule" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "service" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "setting" : { | |
| "properties" : { | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "url" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "user" : { | |
| "properties" : { | |
| "birthdate" : { | |
| "type" : "date" | |
| }, | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nickname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "user_defined_setting" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "verification_method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "drive" : { | |
| "properties" : { | |
| "added_role" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "billable" : { | |
| "type" : "boolean" | |
| }, | |
| "destination_folder_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destination_folder_title" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "owner" : { | |
| "properties" : { | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "is_shared_drive" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "membership_change_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "new_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "old_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "old_visibility" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "originating_app_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "primary_event" : { | |
| "type" : "boolean" | |
| }, | |
| "removed_role" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "shared_drive_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "shared_drive_settings_change_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sheets_import_range_recipient_doc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_folder_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_folder_title" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "target" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "target_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "visibility" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "visibility_change" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "event" : { | |
| "properties" : { | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "groups" : { | |
| "properties" : { | |
| "acl_permission" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "member" : { | |
| "properties" : { | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "role" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "message" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "moderation_action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "new_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "old_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "setting" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "kind" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "login" : { | |
| "properties" : { | |
| "affected_email_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "challenge_method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "failure_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "is_second_factor" : { | |
| "type" : "boolean" | |
| }, | |
| "is_suspicious" : { | |
| "type" : "boolean" | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "organization" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "saml" : { | |
| "properties" : { | |
| "application_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "failure_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "initiated_by" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "orgunit_path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "second_level_status_code" : { | |
| "type" : "long" | |
| }, | |
| "status_code" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "haproxy" : { | |
| "properties" : { | |
| "backend_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "backend_queue" : { | |
| "type" : "long" | |
| }, | |
| "bind_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bytes_read" : { | |
| "type" : "long" | |
| }, | |
| "client" : { | |
| "type" : "object" | |
| }, | |
| "connection_wait_time_ms" : { | |
| "type" : "long" | |
| }, | |
| "connections" : { | |
| "properties" : { | |
| "active" : { | |
| "type" : "long" | |
| }, | |
| "backend" : { | |
| "type" : "long" | |
| }, | |
| "frontend" : { | |
| "type" : "long" | |
| }, | |
| "retries" : { | |
| "type" : "long" | |
| }, | |
| "server" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "destination" : { | |
| "type" : "object" | |
| }, | |
| "error_message" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "frontend_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "geoip" : { | |
| "type" : "object" | |
| }, | |
| "http" : { | |
| "properties" : { | |
| "request" : { | |
| "properties" : { | |
| "captured_cookie" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "captured_headers" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "raw_request_line" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "time_wait_ms" : { | |
| "type" : "long" | |
| }, | |
| "time_wait_without_data_ms" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "response" : { | |
| "properties" : { | |
| "captured_cookie" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "captured_headers" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "mode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "server_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "server_queue" : { | |
| "type" : "long" | |
| }, | |
| "source" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tcp" : { | |
| "properties" : { | |
| "connection_waiting_time_ms" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "termination_state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "time_backend_connect" : { | |
| "type" : "long" | |
| }, | |
| "time_queue" : { | |
| "type" : "long" | |
| }, | |
| "total_waiting_time_ms" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "hash" : { | |
| "properties" : { | |
| "md5" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha256" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha512" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "host" : { | |
| "properties" : { | |
| "architecture" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "containerized" : { | |
| "type" : "boolean" | |
| }, | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "geo" : { | |
| "properties" : { | |
| "city_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "continent_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "location" : { | |
| "type" : "geo_point" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "hostname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "mac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "os" : { | |
| "properties" : { | |
| "build" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "codename" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "family" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "full" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "kernel" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "platform" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "uptime" : { | |
| "type" : "long" | |
| }, | |
| "user" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "full_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "group" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "http" : { | |
| "properties" : { | |
| "request" : { | |
| "properties" : { | |
| "body" : { | |
| "properties" : { | |
| "bytes" : { | |
| "type" : "long" | |
| }, | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "bytes" : { | |
| "type" : "long" | |
| }, | |
| "method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "referrer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "response" : { | |
| "properties" : { | |
| "body" : { | |
| "properties" : { | |
| "bytes" : { | |
| "type" : "long" | |
| }, | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "bytes" : { | |
| "type" : "long" | |
| }, | |
| "status_code" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ibmmq" : { | |
| "properties" : { | |
| "errorlog" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "arithinsert" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "commentinsert" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "errordescription" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "explanation" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "installation" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "qmgr" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "icinga" : { | |
| "properties" : { | |
| "debug" : { | |
| "properties" : { | |
| "facility" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "main" : { | |
| "properties" : { | |
| "facility" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "startup" : { | |
| "properties" : { | |
| "facility" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "icmp" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "igmp" : { | |
| "properties" : { | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "iis" : { | |
| "properties" : { | |
| "access" : { | |
| "properties" : { | |
| "cookie" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "geoip" : { | |
| "type" : "object" | |
| }, | |
| "server_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "site_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sub_status" : { | |
| "type" : "long" | |
| }, | |
| "user_agent" : { | |
| "type" : "object" | |
| }, | |
| "win32_status" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "error" : { | |
| "properties" : { | |
| "geoip" : { | |
| "type" : "object" | |
| }, | |
| "queue_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reason_phrase" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "input" : { | |
| "properties" : { | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "interface" : { | |
| "properties" : { | |
| "alias" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "iptables" : { | |
| "properties" : { | |
| "ether_type" : { | |
| "type" : "long" | |
| }, | |
| "flow_label" : { | |
| "type" : "long" | |
| }, | |
| "fragment_flags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fragment_offset" : { | |
| "type" : "long" | |
| }, | |
| "icmp" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "long" | |
| }, | |
| "id" : { | |
| "type" : "long" | |
| }, | |
| "parameter" : { | |
| "type" : "long" | |
| }, | |
| "redirect" : { | |
| "type" : "ip" | |
| }, | |
| "seq" : { | |
| "type" : "long" | |
| }, | |
| "type" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "long" | |
| }, | |
| "incomplete_bytes" : { | |
| "type" : "long" | |
| }, | |
| "input_device" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "length" : { | |
| "type" : "long" | |
| }, | |
| "output_device" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "precedence_bits" : { | |
| "type" : "short" | |
| }, | |
| "tcp" : { | |
| "properties" : { | |
| "ack" : { | |
| "type" : "long" | |
| }, | |
| "flags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reserved_bits" : { | |
| "type" : "short" | |
| }, | |
| "seq" : { | |
| "type" : "long" | |
| }, | |
| "window" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tos" : { | |
| "type" : "long" | |
| }, | |
| "ttl" : { | |
| "type" : "long" | |
| }, | |
| "ubiquiti" : { | |
| "properties" : { | |
| "input_zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "output_zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rule_number" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rule_set" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "udp" : { | |
| "properties" : { | |
| "length" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "jolokia" : { | |
| "properties" : { | |
| "agent" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "secured" : { | |
| "type" : "boolean" | |
| }, | |
| "server" : { | |
| "properties" : { | |
| "product" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vendor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "url" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "kafka" : { | |
| "properties" : { | |
| "block_timestamp" : { | |
| "type" : "date" | |
| }, | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log" : { | |
| "properties" : { | |
| "class" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "component" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "thread" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trace" : { | |
| "properties" : { | |
| "class" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "offset" : { | |
| "type" : "long" | |
| }, | |
| "partition" : { | |
| "type" : "long" | |
| }, | |
| "topic" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "kibana" : { | |
| "properties" : { | |
| "log" : { | |
| "properties" : { | |
| "meta" : { | |
| "type" : "object" | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "kubernetes" : { | |
| "properties" : { | |
| "annotations" : { | |
| "properties" : { | |
| "*" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "container" : { | |
| "properties" : { | |
| "image" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "deployment" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "labels" : { | |
| "properties" : { | |
| "*" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "namespace" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "node" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "pod" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "replicaset" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "statefulset" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "labels" : { | |
| "type" : "object" | |
| }, | |
| "log" : { | |
| "properties" : { | |
| "file" : { | |
| "properties" : { | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "flags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "level" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "logger" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "offset" : { | |
| "type" : "long" | |
| }, | |
| "origin" : { | |
| "properties" : { | |
| "file" : { | |
| "properties" : { | |
| "line" : { | |
| "type" : "long" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "function" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "original" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source" : { | |
| "properties" : { | |
| "address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "syslog" : { | |
| "properties" : { | |
| "facility" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "long" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "priority" : { | |
| "type" : "long" | |
| }, | |
| "severity" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "long" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "logstash" : { | |
| "properties" : { | |
| "log" : { | |
| "properties" : { | |
| "log_event" : { | |
| "type" : "object" | |
| }, | |
| "module" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pipeline_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "thread" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "slowlog" : { | |
| "properties" : { | |
| "event" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "module" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "plugin_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "plugin_params" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "plugin_params_object" : { | |
| "type" : "object" | |
| }, | |
| "plugin_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "thread" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "took_in_millis" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "managementEvent" : { | |
| "type" : "boolean" | |
| }, | |
| "message" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "microsoft" : { | |
| "properties" : { | |
| "defender_atp" : { | |
| "properties" : { | |
| "assignedTo" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "classification" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "determination" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "evidence" : { | |
| "properties" : { | |
| "aadUserId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "accountName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "domainName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "entityType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipAddress" : { | |
| "type" : "ip" | |
| }, | |
| "userPrincipalName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "incidentId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "investigationId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "investigationState" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lastUpdateTime" : { | |
| "type" : "date" | |
| }, | |
| "rbacGroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resolvedTime" : { | |
| "type" : "date" | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threatFamilyName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "misp" : { | |
| "properties" : { | |
| "attack_pattern" : { | |
| "properties" : { | |
| "description" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "kill_chain_phases" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "campaign" : { | |
| "properties" : { | |
| "aliases" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "description" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "first_seen" : { | |
| "type" : "date" | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "last_seen" : { | |
| "type" : "date" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "objective" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "course_of_action" : { | |
| "properties" : { | |
| "description" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "identity" : { | |
| "properties" : { | |
| "contact_information" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "description" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "identity_class" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "labels" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sectors" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "intrusion_set" : { | |
| "properties" : { | |
| "aliases" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "description" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "first_seen" : { | |
| "type" : "date" | |
| }, | |
| "goals" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "last_seen" : { | |
| "type" : "date" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "primary_motivation" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "resource_level" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "secondary_motivations" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "malware" : { | |
| "properties" : { | |
| "description" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "kill_chain_phases" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "labels" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "note" : { | |
| "properties" : { | |
| "authors" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "object_refs" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "summary" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "observed_data" : { | |
| "properties" : { | |
| "first_observed" : { | |
| "type" : "date" | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "last_observed" : { | |
| "type" : "date" | |
| }, | |
| "number_observed" : { | |
| "type" : "long" | |
| }, | |
| "objects" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "report" : { | |
| "properties" : { | |
| "description" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "labels" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "object_refs" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "published" : { | |
| "type" : "date" | |
| } | |
| } | |
| }, | |
| "threat_actor" : { | |
| "properties" : { | |
| "aliases" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "description" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "goals" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "labels" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "personal_motivations" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "primary_motivation" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "resource_level" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "roles" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "secondary_motivations" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "sophistication" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "threat_indicator" : { | |
| "properties" : { | |
| "attack_pattern" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "attack_pattern_kql" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "campaign" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "confidence" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "feed" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "intrusion_set" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "kill_chain_phases" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "labels" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_tactic" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mitre_technique" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "negate" : { | |
| "type" : "boolean" | |
| }, | |
| "severity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threat_actor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "valid_from" : { | |
| "type" : "date" | |
| }, | |
| "valid_until" : { | |
| "type" : "date" | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tool" : { | |
| "properties" : { | |
| "description" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "kill_chain_phases" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "labels" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tool_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vulnerability" : { | |
| "properties" : { | |
| "description" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "mongodb" : { | |
| "properties" : { | |
| "log" : { | |
| "properties" : { | |
| "component" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "context" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "mssql" : { | |
| "properties" : { | |
| "log" : { | |
| "properties" : { | |
| "origin" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "mysql" : { | |
| "properties" : { | |
| "error" : { | |
| "type" : "object" | |
| }, | |
| "slowlog" : { | |
| "properties" : { | |
| "bytes_received" : { | |
| "type" : "long" | |
| }, | |
| "bytes_sent" : { | |
| "type" : "long" | |
| }, | |
| "current_user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filesort" : { | |
| "type" : "boolean" | |
| }, | |
| "filesort_on_disk" : { | |
| "type" : "boolean" | |
| }, | |
| "full_join" : { | |
| "type" : "boolean" | |
| }, | |
| "full_scan" : { | |
| "type" : "boolean" | |
| }, | |
| "innodb" : { | |
| "properties" : { | |
| "io_r_bytes" : { | |
| "type" : "long" | |
| }, | |
| "io_r_ops" : { | |
| "type" : "long" | |
| }, | |
| "io_r_wait" : { | |
| "properties" : { | |
| "sec" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "pages_distinct" : { | |
| "type" : "long" | |
| }, | |
| "queue_wait" : { | |
| "properties" : { | |
| "sec" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "rec_lock_wait" : { | |
| "properties" : { | |
| "sec" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "trx_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "killed" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "last_errno" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lock_time" : { | |
| "properties" : { | |
| "sec" : { | |
| "type" : "float" | |
| } | |
| } | |
| }, | |
| "log_slow_rate_limit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_slow_rate_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "merge_passes" : { | |
| "type" : "long" | |
| }, | |
| "priority_queue" : { | |
| "type" : "boolean" | |
| }, | |
| "query" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "query_cache_hit" : { | |
| "type" : "boolean" | |
| }, | |
| "read_first" : { | |
| "type" : "long" | |
| }, | |
| "read_key" : { | |
| "type" : "long" | |
| }, | |
| "read_last" : { | |
| "type" : "long" | |
| }, | |
| "read_next" : { | |
| "type" : "long" | |
| }, | |
| "read_prev" : { | |
| "type" : "long" | |
| }, | |
| "read_rnd" : { | |
| "type" : "long" | |
| }, | |
| "read_rnd_next" : { | |
| "type" : "long" | |
| }, | |
| "rows_affected" : { | |
| "type" : "long" | |
| }, | |
| "rows_examined" : { | |
| "type" : "long" | |
| }, | |
| "rows_sent" : { | |
| "type" : "long" | |
| }, | |
| "schema" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sort_merge_passes" : { | |
| "type" : "long" | |
| }, | |
| "sort_range_count" : { | |
| "type" : "long" | |
| }, | |
| "sort_rows" : { | |
| "type" : "long" | |
| }, | |
| "sort_scan_count" : { | |
| "type" : "long" | |
| }, | |
| "tmp_disk_tables" : { | |
| "type" : "long" | |
| }, | |
| "tmp_table" : { | |
| "type" : "boolean" | |
| }, | |
| "tmp_table_on_disk" : { | |
| "type" : "boolean" | |
| }, | |
| "tmp_table_sizes" : { | |
| "type" : "long" | |
| }, | |
| "tmp_tables" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "thread_id" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "nats" : { | |
| "properties" : { | |
| "log" : { | |
| "properties" : { | |
| "client" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "msg" : { | |
| "properties" : { | |
| "bytes" : { | |
| "type" : "long" | |
| }, | |
| "error" : { | |
| "properties" : { | |
| "message" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "max_messages" : { | |
| "type" : "long" | |
| }, | |
| "queue_group" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "reply_to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sid" : { | |
| "type" : "long" | |
| }, | |
| "subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "netflow" : { | |
| "properties" : { | |
| "absolute_error" : { | |
| "type" : "double" | |
| }, | |
| "address_pool_high_threshold" : { | |
| "type" : "long" | |
| }, | |
| "address_pool_low_threshold" : { | |
| "type" : "long" | |
| }, | |
| "address_port_mapping_high_threshold" : { | |
| "type" : "long" | |
| }, | |
| "address_port_mapping_low_threshold" : { | |
| "type" : "long" | |
| }, | |
| "address_port_mapping_per_user_high_threshold" : { | |
| "type" : "long" | |
| }, | |
| "anonymization_flags" : { | |
| "type" : "long" | |
| }, | |
| "anonymization_technique" : { | |
| "type" : "long" | |
| }, | |
| "application_category_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "application_description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "application_group_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "application_id" : { | |
| "type" : "short" | |
| }, | |
| "application_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "application_sub_category_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bgp_destination_as_number" : { | |
| "type" : "long" | |
| }, | |
| "bgp_next_adjacent_as_number" : { | |
| "type" : "long" | |
| }, | |
| "bgp_next_hop_ipv4_address" : { | |
| "type" : "ip" | |
| }, | |
| "bgp_next_hop_ipv6_address" : { | |
| "type" : "ip" | |
| }, | |
| "bgp_prev_adjacent_as_number" : { | |
| "type" : "long" | |
| }, | |
| "bgp_source_as_number" : { | |
| "type" : "long" | |
| }, | |
| "bgp_validity_state" : { | |
| "type" : "short" | |
| }, | |
| "biflow_direction" : { | |
| "type" : "short" | |
| }, | |
| "class_id" : { | |
| "type" : "long" | |
| }, | |
| "class_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "classification_engine_id" : { | |
| "type" : "short" | |
| }, | |
| "collection_time_milliseconds" : { | |
| "type" : "date" | |
| }, | |
| "collector_certificate" : { | |
| "type" : "short" | |
| }, | |
| "collector_ipv4_address" : { | |
| "type" : "ip" | |
| }, | |
| "collector_ipv6_address" : { | |
| "type" : "ip" | |
| }, | |
| "collector_transport_port" : { | |
| "type" : "long" | |
| }, | |
| "common_properties_id" : { | |
| "type" : "long" | |
| }, | |
| "confidence_level" : { | |
| "type" : "double" | |
| }, | |
| "connection_sum_duration_seconds" : { | |
| "type" : "long" | |
| }, | |
| "connection_transaction_id" : { | |
| "type" : "long" | |
| }, | |
| "data_link_frame_section" : { | |
| "type" : "short" | |
| }, | |
| "data_link_frame_size" : { | |
| "type" : "long" | |
| }, | |
| "data_link_frame_type" : { | |
| "type" : "long" | |
| }, | |
| "data_records_reliability" : { | |
| "type" : "boolean" | |
| }, | |
| "delta_flow_count" : { | |
| "type" : "long" | |
| }, | |
| "destination_ipv4_address" : { | |
| "type" : "ip" | |
| }, | |
| "destination_ipv4_prefix" : { | |
| "type" : "ip" | |
| }, | |
| "destination_ipv4_prefix_length" : { | |
| "type" : "short" | |
| }, | |
| "destination_ipv6_address" : { | |
| "type" : "ip" | |
| }, | |
| "destination_ipv6_prefix" : { | |
| "type" : "ip" | |
| }, | |
| "destination_ipv6_prefix_length" : { | |
| "type" : "short" | |
| }, | |
| "destination_mac_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destination_transport_port" : { | |
| "type" : "long" | |
| }, | |
| "digest_hash_value" : { | |
| "type" : "long" | |
| }, | |
| "distinct_count_of_destination_ip_address" : { | |
| "type" : "long" | |
| }, | |
| "distinct_count_of_destination_ipv4_address" : { | |
| "type" : "long" | |
| }, | |
| "distinct_count_of_destination_ipv6_address" : { | |
| "type" : "long" | |
| }, | |
| "distinct_count_of_source_ip_address" : { | |
| "type" : "long" | |
| }, | |
| "distinct_count_of_source_ipv4_address" : { | |
| "type" : "long" | |
| }, | |
| "distinct_count_of_source_ipv6_address" : { | |
| "type" : "long" | |
| }, | |
| "dot1q_customer_dei" : { | |
| "type" : "boolean" | |
| }, | |
| "dot1q_customer_destination_mac_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dot1q_customer_priority" : { | |
| "type" : "short" | |
| }, | |
| "dot1q_customer_source_mac_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dot1q_customer_vlan_id" : { | |
| "type" : "long" | |
| }, | |
| "dot1q_dei" : { | |
| "type" : "boolean" | |
| }, | |
| "dot1q_priority" : { | |
| "type" : "short" | |
| }, | |
| "dot1q_service_instance_id" : { | |
| "type" : "long" | |
| }, | |
| "dot1q_service_instance_priority" : { | |
| "type" : "short" | |
| }, | |
| "dot1q_service_instance_tag" : { | |
| "type" : "short" | |
| }, | |
| "dot1q_vlan_id" : { | |
| "type" : "long" | |
| }, | |
| "dropped_layer2_octet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "dropped_layer2_octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "dropped_octet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "dropped_octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "dropped_packet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "dropped_packet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "dst_traffic_index" : { | |
| "type" : "long" | |
| }, | |
| "egress_broadcast_packet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "egress_interface" : { | |
| "type" : "long" | |
| }, | |
| "egress_interface_type" : { | |
| "type" : "long" | |
| }, | |
| "egress_physical_interface" : { | |
| "type" : "long" | |
| }, | |
| "egress_unicast_packet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "egress_vrfid" : { | |
| "type" : "long" | |
| }, | |
| "encrypted_technology" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "engine_id" : { | |
| "type" : "short" | |
| }, | |
| "engine_type" : { | |
| "type" : "short" | |
| }, | |
| "ethernet_header_length" : { | |
| "type" : "short" | |
| }, | |
| "ethernet_payload_length" : { | |
| "type" : "long" | |
| }, | |
| "ethernet_total_length" : { | |
| "type" : "long" | |
| }, | |
| "ethernet_type" : { | |
| "type" : "long" | |
| }, | |
| "export_interface" : { | |
| "type" : "long" | |
| }, | |
| "export_protocol_version" : { | |
| "type" : "short" | |
| }, | |
| "export_sctp_stream_id" : { | |
| "type" : "long" | |
| }, | |
| "export_transport_protocol" : { | |
| "type" : "short" | |
| }, | |
| "exported_flow_record_total_count" : { | |
| "type" : "long" | |
| }, | |
| "exported_message_total_count" : { | |
| "type" : "long" | |
| }, | |
| "exported_octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "exporter" : { | |
| "properties" : { | |
| "address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_id" : { | |
| "type" : "long" | |
| }, | |
| "timestamp" : { | |
| "type" : "date" | |
| }, | |
| "uptime_millis" : { | |
| "type" : "long" | |
| }, | |
| "version" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "exporter_certificate" : { | |
| "type" : "short" | |
| }, | |
| "exporter_ipv4_address" : { | |
| "type" : "ip" | |
| }, | |
| "exporter_ipv6_address" : { | |
| "type" : "ip" | |
| }, | |
| "exporter_transport_port" : { | |
| "type" : "long" | |
| }, | |
| "exporting_process_id" : { | |
| "type" : "long" | |
| }, | |
| "external_address_realm" : { | |
| "type" : "short" | |
| }, | |
| "firewall_event" : { | |
| "type" : "short" | |
| }, | |
| "flags_and_sampler_id" : { | |
| "type" : "long" | |
| }, | |
| "flow_active_timeout" : { | |
| "type" : "long" | |
| }, | |
| "flow_direction" : { | |
| "type" : "short" | |
| }, | |
| "flow_duration_microseconds" : { | |
| "type" : "long" | |
| }, | |
| "flow_duration_milliseconds" : { | |
| "type" : "long" | |
| }, | |
| "flow_end_delta_microseconds" : { | |
| "type" : "long" | |
| }, | |
| "flow_end_microseconds" : { | |
| "type" : "date" | |
| }, | |
| "flow_end_milliseconds" : { | |
| "type" : "date" | |
| }, | |
| "flow_end_nanoseconds" : { | |
| "type" : "date" | |
| }, | |
| "flow_end_reason" : { | |
| "type" : "short" | |
| }, | |
| "flow_end_seconds" : { | |
| "type" : "date" | |
| }, | |
| "flow_end_sys_up_time" : { | |
| "type" : "long" | |
| }, | |
| "flow_id" : { | |
| "type" : "long" | |
| }, | |
| "flow_idle_timeout" : { | |
| "type" : "long" | |
| }, | |
| "flow_key_indicator" : { | |
| "type" : "long" | |
| }, | |
| "flow_label_ipv6" : { | |
| "type" : "long" | |
| }, | |
| "flow_sampling_time_interval" : { | |
| "type" : "long" | |
| }, | |
| "flow_sampling_time_spacing" : { | |
| "type" : "long" | |
| }, | |
| "flow_selected_flow_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "flow_selected_octet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "flow_selected_packet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "flow_selector_algorithm" : { | |
| "type" : "long" | |
| }, | |
| "flow_start_delta_microseconds" : { | |
| "type" : "long" | |
| }, | |
| "flow_start_microseconds" : { | |
| "type" : "date" | |
| }, | |
| "flow_start_milliseconds" : { | |
| "type" : "date" | |
| }, | |
| "flow_start_nanoseconds" : { | |
| "type" : "date" | |
| }, | |
| "flow_start_seconds" : { | |
| "type" : "date" | |
| }, | |
| "flow_start_sys_up_time" : { | |
| "type" : "long" | |
| }, | |
| "forwarding_status" : { | |
| "type" : "short" | |
| }, | |
| "fragment_flags" : { | |
| "type" : "short" | |
| }, | |
| "fragment_identification" : { | |
| "type" : "long" | |
| }, | |
| "fragment_offset" : { | |
| "type" : "long" | |
| }, | |
| "global_address_mapping_high_threshold" : { | |
| "type" : "long" | |
| }, | |
| "gre_key" : { | |
| "type" : "long" | |
| }, | |
| "hash_digest_output" : { | |
| "type" : "boolean" | |
| }, | |
| "hash_flow_domain" : { | |
| "type" : "long" | |
| }, | |
| "hash_initialiser_value" : { | |
| "type" : "long" | |
| }, | |
| "hash_ip_payload_offset" : { | |
| "type" : "long" | |
| }, | |
| "hash_ip_payload_size" : { | |
| "type" : "long" | |
| }, | |
| "hash_output_range_max" : { | |
| "type" : "long" | |
| }, | |
| "hash_output_range_min" : { | |
| "type" : "long" | |
| }, | |
| "hash_selected_range_max" : { | |
| "type" : "long" | |
| }, | |
| "hash_selected_range_min" : { | |
| "type" : "long" | |
| }, | |
| "http_content_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "http_message_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "http_reason_phrase" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "http_request_host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "http_request_method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "http_request_target" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "http_status_code" : { | |
| "type" : "long" | |
| }, | |
| "http_user_agent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icmp_code_ipv4" : { | |
| "type" : "short" | |
| }, | |
| "icmp_code_ipv6" : { | |
| "type" : "short" | |
| }, | |
| "icmp_type_code_ipv4" : { | |
| "type" : "long" | |
| }, | |
| "icmp_type_code_ipv6" : { | |
| "type" : "long" | |
| }, | |
| "icmp_type_ipv4" : { | |
| "type" : "short" | |
| }, | |
| "icmp_type_ipv6" : { | |
| "type" : "short" | |
| }, | |
| "igmp_type" : { | |
| "type" : "short" | |
| }, | |
| "ignored_data_record_total_count" : { | |
| "type" : "long" | |
| }, | |
| "ignored_layer2_frame_total_count" : { | |
| "type" : "long" | |
| }, | |
| "ignored_layer2_octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "ignored_octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "ignored_packet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "information_element_data_type" : { | |
| "type" : "short" | |
| }, | |
| "information_element_description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "information_element_id" : { | |
| "type" : "long" | |
| }, | |
| "information_element_index" : { | |
| "type" : "long" | |
| }, | |
| "information_element_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "information_element_range_begin" : { | |
| "type" : "long" | |
| }, | |
| "information_element_range_end" : { | |
| "type" : "long" | |
| }, | |
| "information_element_semantics" : { | |
| "type" : "short" | |
| }, | |
| "information_element_units" : { | |
| "type" : "long" | |
| }, | |
| "ingress_broadcast_packet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "ingress_interface" : { | |
| "type" : "long" | |
| }, | |
| "ingress_interface_type" : { | |
| "type" : "long" | |
| }, | |
| "ingress_multicast_packet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "ingress_physical_interface" : { | |
| "type" : "long" | |
| }, | |
| "ingress_unicast_packet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "ingress_vrfid" : { | |
| "type" : "long" | |
| }, | |
| "initiator_octets" : { | |
| "type" : "long" | |
| }, | |
| "initiator_packets" : { | |
| "type" : "long" | |
| }, | |
| "interface_description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "interface_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "intermediate_process_id" : { | |
| "type" : "long" | |
| }, | |
| "internal_address_realm" : { | |
| "type" : "short" | |
| }, | |
| "ip_class_of_service" : { | |
| "type" : "short" | |
| }, | |
| "ip_diff_serv_code_point" : { | |
| "type" : "short" | |
| }, | |
| "ip_header_length" : { | |
| "type" : "short" | |
| }, | |
| "ip_header_packet_section" : { | |
| "type" : "short" | |
| }, | |
| "ip_next_hop_ipv4_address" : { | |
| "type" : "ip" | |
| }, | |
| "ip_next_hop_ipv6_address" : { | |
| "type" : "ip" | |
| }, | |
| "ip_payload_length" : { | |
| "type" : "long" | |
| }, | |
| "ip_payload_packet_section" : { | |
| "type" : "short" | |
| }, | |
| "ip_precedence" : { | |
| "type" : "short" | |
| }, | |
| "ip_sec_spi" : { | |
| "type" : "long" | |
| }, | |
| "ip_total_length" : { | |
| "type" : "long" | |
| }, | |
| "ip_ttl" : { | |
| "type" : "short" | |
| }, | |
| "ip_version" : { | |
| "type" : "short" | |
| }, | |
| "ipv4_ihl" : { | |
| "type" : "short" | |
| }, | |
| "ipv4_options" : { | |
| "type" : "long" | |
| }, | |
| "ipv4_router_sc" : { | |
| "type" : "ip" | |
| }, | |
| "ipv6_extension_headers" : { | |
| "type" : "long" | |
| }, | |
| "is_multicast" : { | |
| "type" : "short" | |
| }, | |
| "layer2_frame_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "layer2_frame_total_count" : { | |
| "type" : "long" | |
| }, | |
| "layer2_octet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "layer2_octet_delta_sum_of_squares" : { | |
| "type" : "long" | |
| }, | |
| "layer2_octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "layer2_octet_total_sum_of_squares" : { | |
| "type" : "long" | |
| }, | |
| "layer2_segment_id" : { | |
| "type" : "long" | |
| }, | |
| "layer2packet_section_data" : { | |
| "type" : "short" | |
| }, | |
| "layer2packet_section_offset" : { | |
| "type" : "long" | |
| }, | |
| "layer2packet_section_size" : { | |
| "type" : "long" | |
| }, | |
| "line_card_id" : { | |
| "type" : "long" | |
| }, | |
| "lower_ci_limit" : { | |
| "type" : "double" | |
| }, | |
| "max_bib_entries" : { | |
| "type" : "long" | |
| }, | |
| "max_entries_per_user" : { | |
| "type" : "long" | |
| }, | |
| "max_export_seconds" : { | |
| "type" : "date" | |
| }, | |
| "max_flow_end_microseconds" : { | |
| "type" : "date" | |
| }, | |
| "max_flow_end_milliseconds" : { | |
| "type" : "date" | |
| }, | |
| "max_flow_end_nanoseconds" : { | |
| "type" : "date" | |
| }, | |
| "max_flow_end_seconds" : { | |
| "type" : "date" | |
| }, | |
| "max_fragments_pending_reassembly" : { | |
| "type" : "long" | |
| }, | |
| "max_session_entries" : { | |
| "type" : "long" | |
| }, | |
| "max_subscribers" : { | |
| "type" : "long" | |
| }, | |
| "maximum_ip_total_length" : { | |
| "type" : "long" | |
| }, | |
| "maximum_layer2_total_length" : { | |
| "type" : "long" | |
| }, | |
| "maximum_ttl" : { | |
| "type" : "short" | |
| }, | |
| "message_md5_checksum" : { | |
| "type" : "short" | |
| }, | |
| "message_scope" : { | |
| "type" : "short" | |
| }, | |
| "metering_process_id" : { | |
| "type" : "long" | |
| }, | |
| "metro_evc_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "metro_evc_type" : { | |
| "type" : "short" | |
| }, | |
| "mib_capture_time_semantics" : { | |
| "type" : "short" | |
| }, | |
| "mib_context_engine_id" : { | |
| "type" : "short" | |
| }, | |
| "mib_context_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mib_index_indicator" : { | |
| "type" : "long" | |
| }, | |
| "mib_module_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mib_object_description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mib_object_identifier" : { | |
| "type" : "short" | |
| }, | |
| "mib_object_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mib_object_syntax" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mib_object_value_bits" : { | |
| "type" : "short" | |
| }, | |
| "mib_object_value_counter" : { | |
| "type" : "long" | |
| }, | |
| "mib_object_value_gauge" : { | |
| "type" : "long" | |
| }, | |
| "mib_object_value_integer" : { | |
| "type" : "long" | |
| }, | |
| "mib_object_value_ip_address" : { | |
| "type" : "ip" | |
| }, | |
| "mib_object_value_octet_string" : { | |
| "type" : "short" | |
| }, | |
| "mib_object_value_oid" : { | |
| "type" : "short" | |
| }, | |
| "mib_object_value_time_ticks" : { | |
| "type" : "long" | |
| }, | |
| "mib_object_value_unsigned" : { | |
| "type" : "long" | |
| }, | |
| "mib_sub_identifier" : { | |
| "type" : "long" | |
| }, | |
| "min_export_seconds" : { | |
| "type" : "date" | |
| }, | |
| "min_flow_start_microseconds" : { | |
| "type" : "date" | |
| }, | |
| "min_flow_start_milliseconds" : { | |
| "type" : "date" | |
| }, | |
| "min_flow_start_nanoseconds" : { | |
| "type" : "date" | |
| }, | |
| "min_flow_start_seconds" : { | |
| "type" : "date" | |
| }, | |
| "minimum_ip_total_length" : { | |
| "type" : "long" | |
| }, | |
| "minimum_layer2_total_length" : { | |
| "type" : "long" | |
| }, | |
| "minimum_ttl" : { | |
| "type" : "short" | |
| }, | |
| "mobile_imsi" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mobile_msisdn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "monitoring_interval_end_milli_seconds" : { | |
| "type" : "date" | |
| }, | |
| "monitoring_interval_start_milli_seconds" : { | |
| "type" : "date" | |
| }, | |
| "mpls_label_stack_depth" : { | |
| "type" : "long" | |
| }, | |
| "mpls_label_stack_length" : { | |
| "type" : "long" | |
| }, | |
| "mpls_label_stack_section" : { | |
| "type" : "short" | |
| }, | |
| "mpls_label_stack_section10" : { | |
| "type" : "short" | |
| }, | |
| "mpls_label_stack_section2" : { | |
| "type" : "short" | |
| }, | |
| "mpls_label_stack_section3" : { | |
| "type" : "short" | |
| }, | |
| "mpls_label_stack_section4" : { | |
| "type" : "short" | |
| }, | |
| "mpls_label_stack_section5" : { | |
| "type" : "short" | |
| }, | |
| "mpls_label_stack_section6" : { | |
| "type" : "short" | |
| }, | |
| "mpls_label_stack_section7" : { | |
| "type" : "short" | |
| }, | |
| "mpls_label_stack_section8" : { | |
| "type" : "short" | |
| }, | |
| "mpls_label_stack_section9" : { | |
| "type" : "short" | |
| }, | |
| "mpls_payload_length" : { | |
| "type" : "long" | |
| }, | |
| "mpls_payload_packet_section" : { | |
| "type" : "short" | |
| }, | |
| "mpls_top_label_exp" : { | |
| "type" : "short" | |
| }, | |
| "mpls_top_label_ipv4_address" : { | |
| "type" : "ip" | |
| }, | |
| "mpls_top_label_ipv6_address" : { | |
| "type" : "ip" | |
| }, | |
| "mpls_top_label_prefix_length" : { | |
| "type" : "short" | |
| }, | |
| "mpls_top_label_stack_section" : { | |
| "type" : "short" | |
| }, | |
| "mpls_top_label_ttl" : { | |
| "type" : "short" | |
| }, | |
| "mpls_top_label_type" : { | |
| "type" : "short" | |
| }, | |
| "mpls_vpn_route_distinguisher" : { | |
| "type" : "short" | |
| }, | |
| "multicast_replication_factor" : { | |
| "type" : "long" | |
| }, | |
| "nat_event" : { | |
| "type" : "short" | |
| }, | |
| "nat_instance_id" : { | |
| "type" : "long" | |
| }, | |
| "nat_originating_address_realm" : { | |
| "type" : "short" | |
| }, | |
| "nat_pool_id" : { | |
| "type" : "long" | |
| }, | |
| "nat_pool_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat_quota_exceeded_event" : { | |
| "type" : "long" | |
| }, | |
| "nat_threshold_event" : { | |
| "type" : "long" | |
| }, | |
| "nat_type" : { | |
| "type" : "short" | |
| }, | |
| "new_connection_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "next_header_ipv6" : { | |
| "type" : "short" | |
| }, | |
| "not_sent_flow_total_count" : { | |
| "type" : "long" | |
| }, | |
| "not_sent_layer2_octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "not_sent_octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "not_sent_packet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "observation_domain_id" : { | |
| "type" : "long" | |
| }, | |
| "observation_domain_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "observation_point_id" : { | |
| "type" : "long" | |
| }, | |
| "observation_point_type" : { | |
| "type" : "short" | |
| }, | |
| "observation_time_microseconds" : { | |
| "type" : "date" | |
| }, | |
| "observation_time_milliseconds" : { | |
| "type" : "date" | |
| }, | |
| "observation_time_nanoseconds" : { | |
| "type" : "date" | |
| }, | |
| "observation_time_seconds" : { | |
| "type" : "date" | |
| }, | |
| "observed_flow_total_count" : { | |
| "type" : "long" | |
| }, | |
| "octet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "octet_delta_sum_of_squares" : { | |
| "type" : "long" | |
| }, | |
| "octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "octet_total_sum_of_squares" : { | |
| "type" : "long" | |
| }, | |
| "opaque_octets" : { | |
| "type" : "short" | |
| }, | |
| "original_exporter_ipv4_address" : { | |
| "type" : "ip" | |
| }, | |
| "original_exporter_ipv6_address" : { | |
| "type" : "ip" | |
| }, | |
| "original_flows_completed" : { | |
| "type" : "long" | |
| }, | |
| "original_flows_initiated" : { | |
| "type" : "long" | |
| }, | |
| "original_flows_present" : { | |
| "type" : "long" | |
| }, | |
| "original_observation_domain_id" : { | |
| "type" : "long" | |
| }, | |
| "p2p_technology" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "packet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "packet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "padding_octets" : { | |
| "type" : "short" | |
| }, | |
| "payload_length_ipv6" : { | |
| "type" : "long" | |
| }, | |
| "port_id" : { | |
| "type" : "long" | |
| }, | |
| "port_range_end" : { | |
| "type" : "long" | |
| }, | |
| "port_range_num_ports" : { | |
| "type" : "long" | |
| }, | |
| "port_range_start" : { | |
| "type" : "long" | |
| }, | |
| "port_range_step_size" : { | |
| "type" : "long" | |
| }, | |
| "post_destination_mac_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "post_dot1q_customer_vlan_id" : { | |
| "type" : "long" | |
| }, | |
| "post_dot1q_vlan_id" : { | |
| "type" : "long" | |
| }, | |
| "post_ip_class_of_service" : { | |
| "type" : "short" | |
| }, | |
| "post_ip_diff_serv_code_point" : { | |
| "type" : "short" | |
| }, | |
| "post_ip_precedence" : { | |
| "type" : "short" | |
| }, | |
| "post_layer2_octet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "post_layer2_octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "post_mcast_layer2_octet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "post_mcast_layer2_octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "post_mcast_octet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "post_mcast_octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "post_mcast_packet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "post_mcast_packet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "post_mpls_top_label_exp" : { | |
| "type" : "short" | |
| }, | |
| "post_napt_destination_transport_port" : { | |
| "type" : "long" | |
| }, | |
| "post_napt_source_transport_port" : { | |
| "type" : "long" | |
| }, | |
| "post_nat_destination_ipv4_address" : { | |
| "type" : "ip" | |
| }, | |
| "post_nat_destination_ipv6_address" : { | |
| "type" : "ip" | |
| }, | |
| "post_nat_source_ipv4_address" : { | |
| "type" : "ip" | |
| }, | |
| "post_nat_source_ipv6_address" : { | |
| "type" : "ip" | |
| }, | |
| "post_octet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "post_octet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "post_packet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "post_packet_total_count" : { | |
| "type" : "long" | |
| }, | |
| "post_source_mac_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "post_vlan_id" : { | |
| "type" : "long" | |
| }, | |
| "private_enterprise_number" : { | |
| "type" : "long" | |
| }, | |
| "protocol_identifier" : { | |
| "type" : "short" | |
| }, | |
| "pseudo_wire_control_word" : { | |
| "type" : "long" | |
| }, | |
| "pseudo_wire_destination_ipv4_address" : { | |
| "type" : "ip" | |
| }, | |
| "pseudo_wire_id" : { | |
| "type" : "long" | |
| }, | |
| "pseudo_wire_type" : { | |
| "type" : "long" | |
| }, | |
| "relative_error" : { | |
| "type" : "double" | |
| }, | |
| "responder_octets" : { | |
| "type" : "long" | |
| }, | |
| "responder_packets" : { | |
| "type" : "long" | |
| }, | |
| "rfc3550_jitter_microseconds" : { | |
| "type" : "long" | |
| }, | |
| "rfc3550_jitter_milliseconds" : { | |
| "type" : "long" | |
| }, | |
| "rfc3550_jitter_nanoseconds" : { | |
| "type" : "long" | |
| }, | |
| "rtp_sequence_number" : { | |
| "type" : "long" | |
| }, | |
| "sampler_id" : { | |
| "type" : "short" | |
| }, | |
| "sampler_mode" : { | |
| "type" : "short" | |
| }, | |
| "sampler_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sampler_random_interval" : { | |
| "type" : "long" | |
| }, | |
| "sampling_algorithm" : { | |
| "type" : "short" | |
| }, | |
| "sampling_flow_interval" : { | |
| "type" : "long" | |
| }, | |
| "sampling_flow_spacing" : { | |
| "type" : "long" | |
| }, | |
| "sampling_interval" : { | |
| "type" : "long" | |
| }, | |
| "sampling_packet_interval" : { | |
| "type" : "long" | |
| }, | |
| "sampling_packet_space" : { | |
| "type" : "long" | |
| }, | |
| "sampling_population" : { | |
| "type" : "long" | |
| }, | |
| "sampling_probability" : { | |
| "type" : "double" | |
| }, | |
| "sampling_size" : { | |
| "type" : "long" | |
| }, | |
| "sampling_time_interval" : { | |
| "type" : "long" | |
| }, | |
| "sampling_time_space" : { | |
| "type" : "long" | |
| }, | |
| "section_exported_octets" : { | |
| "type" : "long" | |
| }, | |
| "section_offset" : { | |
| "type" : "long" | |
| }, | |
| "selection_sequence_id" : { | |
| "type" : "long" | |
| }, | |
| "selector_algorithm" : { | |
| "type" : "long" | |
| }, | |
| "selector_id" : { | |
| "type" : "long" | |
| }, | |
| "selector_id_total_flows_observed" : { | |
| "type" : "long" | |
| }, | |
| "selector_id_total_flows_selected" : { | |
| "type" : "long" | |
| }, | |
| "selector_id_total_pkts_observed" : { | |
| "type" : "long" | |
| }, | |
| "selector_id_total_pkts_selected" : { | |
| "type" : "long" | |
| }, | |
| "selector_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "session_scope" : { | |
| "type" : "short" | |
| }, | |
| "source_ipv4_address" : { | |
| "type" : "ip" | |
| }, | |
| "source_ipv4_prefix" : { | |
| "type" : "ip" | |
| }, | |
| "source_ipv4_prefix_length" : { | |
| "type" : "short" | |
| }, | |
| "source_ipv6_address" : { | |
| "type" : "ip" | |
| }, | |
| "source_ipv6_prefix" : { | |
| "type" : "ip" | |
| }, | |
| "source_ipv6_prefix_length" : { | |
| "type" : "short" | |
| }, | |
| "source_mac_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source_transport_port" : { | |
| "type" : "long" | |
| }, | |
| "source_transport_ports_limit" : { | |
| "type" : "long" | |
| }, | |
| "src_traffic_index" : { | |
| "type" : "long" | |
| }, | |
| "sta_ipv4_address" : { | |
| "type" : "ip" | |
| }, | |
| "sta_mac_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "system_init_time_milliseconds" : { | |
| "type" : "date" | |
| }, | |
| "tcp_ack_total_count" : { | |
| "type" : "long" | |
| }, | |
| "tcp_acknowledgement_number" : { | |
| "type" : "long" | |
| }, | |
| "tcp_control_bits" : { | |
| "type" : "long" | |
| }, | |
| "tcp_destination_port" : { | |
| "type" : "long" | |
| }, | |
| "tcp_fin_total_count" : { | |
| "type" : "long" | |
| }, | |
| "tcp_header_length" : { | |
| "type" : "short" | |
| }, | |
| "tcp_options" : { | |
| "type" : "long" | |
| }, | |
| "tcp_psh_total_count" : { | |
| "type" : "long" | |
| }, | |
| "tcp_rst_total_count" : { | |
| "type" : "long" | |
| }, | |
| "tcp_sequence_number" : { | |
| "type" : "long" | |
| }, | |
| "tcp_source_port" : { | |
| "type" : "long" | |
| }, | |
| "tcp_syn_total_count" : { | |
| "type" : "long" | |
| }, | |
| "tcp_urg_total_count" : { | |
| "type" : "long" | |
| }, | |
| "tcp_urgent_pointer" : { | |
| "type" : "long" | |
| }, | |
| "tcp_window_scale" : { | |
| "type" : "long" | |
| }, | |
| "tcp_window_size" : { | |
| "type" : "long" | |
| }, | |
| "template_id" : { | |
| "type" : "long" | |
| }, | |
| "total_length_ipv4" : { | |
| "type" : "long" | |
| }, | |
| "transport_octet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "transport_packet_delta_count" : { | |
| "type" : "long" | |
| }, | |
| "tunnel_technology" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "udp_destination_port" : { | |
| "type" : "long" | |
| }, | |
| "udp_message_length" : { | |
| "type" : "long" | |
| }, | |
| "udp_source_port" : { | |
| "type" : "long" | |
| }, | |
| "upper_ci_limit" : { | |
| "type" : "double" | |
| }, | |
| "user_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value_distribution_method" : { | |
| "type" : "short" | |
| }, | |
| "virtual_station_interface_id" : { | |
| "type" : "short" | |
| }, | |
| "virtual_station_interface_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "virtual_station_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "virtual_station_uuid" : { | |
| "type" : "short" | |
| }, | |
| "vlan_id" : { | |
| "type" : "long" | |
| }, | |
| "vpn_identifier" : { | |
| "type" : "short" | |
| }, | |
| "vr_fname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "wlan_channel_id" : { | |
| "type" : "short" | |
| }, | |
| "wlan_ssid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "wtp_mac_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "network" : { | |
| "properties" : { | |
| "application" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bytes" : { | |
| "type" : "long" | |
| }, | |
| "community_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "direction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "forwarded_ip" : { | |
| "type" : "ip" | |
| }, | |
| "iana_number" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "inner" : { | |
| "properties" : { | |
| "vlan" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "interface" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "packets" : { | |
| "type" : "long" | |
| }, | |
| "protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "transport" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vlan" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "nginx" : { | |
| "properties" : { | |
| "access" : { | |
| "properties" : { | |
| "geoip" : { | |
| "type" : "object" | |
| }, | |
| "user_agent" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "error" : { | |
| "properties" : { | |
| "connection_id" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "ingress_controller" : { | |
| "properties" : { | |
| "geoip" : { | |
| "type" : "object" | |
| }, | |
| "http" : { | |
| "properties" : { | |
| "request" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "length" : { | |
| "type" : "long" | |
| }, | |
| "time" : { | |
| "type" : "double" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "upstream" : { | |
| "properties" : { | |
| "alternative_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| }, | |
| "response" : { | |
| "properties" : { | |
| "length" : { | |
| "type" : "long" | |
| }, | |
| "status_code" : { | |
| "type" : "long" | |
| }, | |
| "time" : { | |
| "type" : "double" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "user_agent" : { | |
| "type" : "object" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "o365" : { | |
| "properties" : { | |
| "audit" : { | |
| "properties" : { | |
| "ActorContextId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ActorIpAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ActorUserId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ActorYammerUserId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "AlertEntityId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "AlertId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "AlertType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "AppId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ApplicationDisplayName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ApplicationId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "AzureActiveDirectoryEventType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ClientAppId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ClientIP" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ClientIPAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ClientInfoString" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Comments" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "CorrelationId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "CreationTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "CustomUniqueId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Data" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "DataType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "EntityType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "EventData" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "EventSource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ExceptionInfo" : { | |
| "properties" : { | |
| "*" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "ExchangeMetaData" : { | |
| "properties" : { | |
| "*" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "ExtendedProperties" : { | |
| "properties" : { | |
| "*" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "ExternalAccess" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "GroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ImplicitShare" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "IncidentId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "InterSystemsId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "InternalLogonType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "IntraSystemId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Item" : { | |
| "properties" : { | |
| "*" : { | |
| "properties" : { | |
| "*" : { | |
| "type" : "object" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ItemName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ItemType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ListId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ListItemUniqueId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "LogonError" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "LogonType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "LogonUserSid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "MailboxGuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "MailboxOwnerMasterAccountSid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "MailboxOwnerSid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "MailboxOwnerUPN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Members" : { | |
| "properties" : { | |
| "*" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "ModifiedProperties" : { | |
| "properties" : { | |
| "*" : { | |
| "properties" : { | |
| "*" : { | |
| "type" : "object" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ObjectId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Operation" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "OrganizationId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "OrganizationName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "OriginatingServer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Parameters" : { | |
| "properties" : { | |
| "*" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "PolicyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "RecordType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ResultStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SensitiveInfoDetectionIsIncluded" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SessionId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Severity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SharePointMetaData" : { | |
| "properties" : { | |
| "*" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "Site" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SiteUrl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Source" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SourceFileExtension" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SourceFileName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SourceRelativeUrl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SupportTicketId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "TargetContextId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "TargetUserOrGroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "TargetUserOrGroupType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "TeamGuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "TeamName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "UniqueSharingId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "UserAgent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "UserId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "UserKey" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "UserType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "WebId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Workload" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "YammerNetworkId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "object_key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "observer" : { | |
| "properties" : { | |
| "egress" : { | |
| "properties" : { | |
| "interface" : { | |
| "properties" : { | |
| "alias" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vlan" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "geo" : { | |
| "properties" : { | |
| "city_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "continent_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "location" : { | |
| "type" : "geo_point" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "hostname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ingress" : { | |
| "properties" : { | |
| "interface" : { | |
| "properties" : { | |
| "alias" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vlan" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "mac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "os" : { | |
| "properties" : { | |
| "family" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "full" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "kernel" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "platform" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "product" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serial_number" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vendor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "okta" : { | |
| "properties" : { | |
| "actor" : { | |
| "properties" : { | |
| "alternate_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "display_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "authentication_context" : { | |
| "properties" : { | |
| "authentication_provider" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "authentication_step" : { | |
| "type" : "long" | |
| }, | |
| "credential_provider" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "credential_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "external_session_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "client" : { | |
| "properties" : { | |
| "device" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "user_agent" : { | |
| "properties" : { | |
| "browser" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "os" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "raw_user_agent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "debug_context" : { | |
| "properties" : { | |
| "debug_data" : { | |
| "properties" : { | |
| "device_fingerprint" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "request_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "request_uri" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threat_suspected" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "url" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "display_message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "outcome" : { | |
| "properties" : { | |
| "reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "result" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "request" : { | |
| "properties" : { | |
| "ip_chain" : { | |
| "properties" : { | |
| "geographical_context" : { | |
| "properties" : { | |
| "city" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "geolocation" : { | |
| "type" : "geo_point" | |
| }, | |
| "postal_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "source" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "security_context" : { | |
| "properties" : { | |
| "as" : { | |
| "properties" : { | |
| "number" : { | |
| "type" : "long" | |
| }, | |
| "organization" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "is_proxy" : { | |
| "type" : "boolean" | |
| }, | |
| "isp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "severity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "transaction" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "uuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "organization" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "os" : { | |
| "properties" : { | |
| "family" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "full" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "kernel" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "platform" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "osquery" : { | |
| "properties" : { | |
| "result" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "calendar_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "host_identifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "unix_time" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "package" : { | |
| "properties" : { | |
| "architecture" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "build_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "checksum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "install_scope" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "installed" : { | |
| "type" : "date" | |
| }, | |
| "license" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "size" : { | |
| "type" : "long" | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "panw" : { | |
| "properties" : { | |
| "panos" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destination" : { | |
| "properties" : { | |
| "interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat" : { | |
| "properties" : { | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "file" : { | |
| "properties" : { | |
| "hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "flow_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "network" : { | |
| "properties" : { | |
| "nat" : { | |
| "properties" : { | |
| "community_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "pcap_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ruleset" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sequence_number" : { | |
| "type" : "long" | |
| }, | |
| "source" : { | |
| "properties" : { | |
| "interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat" : { | |
| "properties" : { | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "threat" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "url" : { | |
| "properties" : { | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "pe" : { | |
| "properties" : { | |
| "company" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "original_file_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "product" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "postgresql" : { | |
| "properties" : { | |
| "log" : { | |
| "properties" : { | |
| "core_id" : { | |
| "type" : "long" | |
| }, | |
| "database" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "error" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "query" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "query_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "query_step" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "timestamp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "process" : { | |
| "properties" : { | |
| "args" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "args_count" : { | |
| "type" : "long" | |
| }, | |
| "code_signature" : { | |
| "properties" : { | |
| "exists" : { | |
| "type" : "boolean" | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trusted" : { | |
| "type" : "boolean" | |
| }, | |
| "valid" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "command_line" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "entity_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "executable" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "exit_code" : { | |
| "type" : "long" | |
| }, | |
| "hash" : { | |
| "properties" : { | |
| "md5" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha256" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha512" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "parent" : { | |
| "properties" : { | |
| "args" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "args_count" : { | |
| "type" : "long" | |
| }, | |
| "code_signature" : { | |
| "properties" : { | |
| "exists" : { | |
| "type" : "boolean" | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trusted" : { | |
| "type" : "boolean" | |
| }, | |
| "valid" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "command_line" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "entity_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "executable" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "exit_code" : { | |
| "type" : "long" | |
| }, | |
| "hash" : { | |
| "properties" : { | |
| "md5" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha256" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha512" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "pgid" : { | |
| "type" : "long" | |
| }, | |
| "pid" : { | |
| "type" : "long" | |
| }, | |
| "ppid" : { | |
| "type" : "long" | |
| }, | |
| "start" : { | |
| "type" : "date" | |
| }, | |
| "thread" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "long" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "title" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "uptime" : { | |
| "type" : "long" | |
| }, | |
| "working_directory" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "pe" : { | |
| "properties" : { | |
| "company" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "original_file_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "product" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "pgid" : { | |
| "type" : "long" | |
| }, | |
| "pid" : { | |
| "type" : "long" | |
| }, | |
| "ppid" : { | |
| "type" : "long" | |
| }, | |
| "program" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "start" : { | |
| "type" : "date" | |
| }, | |
| "thread" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "long" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "title" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "uptime" : { | |
| "type" : "long" | |
| }, | |
| "working_directory" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "provider" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rabbitmq" : { | |
| "properties" : { | |
| "log" : { | |
| "properties" : { | |
| "pid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "readOnly" : { | |
| "type" : "boolean" | |
| }, | |
| "recipientAccountId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "redis" : { | |
| "properties" : { | |
| "log" : { | |
| "properties" : { | |
| "role" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "slowlog" : { | |
| "properties" : { | |
| "args" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cmd" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "duration" : { | |
| "properties" : { | |
| "us" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "long" | |
| }, | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "registry" : { | |
| "properties" : { | |
| "data" : { | |
| "properties" : { | |
| "bytes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "strings" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "hive" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "related" : { | |
| "properties" : { | |
| "hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "requestID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requestParameters" : { | |
| "properties" : { | |
| "AccessControlPolicy" : { | |
| "properties" : { | |
| "AccessControlList" : { | |
| "properties" : { | |
| "Grant" : { | |
| "properties" : { | |
| "Grantee" : { | |
| "properties" : { | |
| "ID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "xmlns:xsi" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "xsi:type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "Permission" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "Owner" : { | |
| "properties" : { | |
| "ID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "BucketLoggingStatus" : { | |
| "properties" : { | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "CORSConfiguration" : { | |
| "properties" : { | |
| "CORSRule" : { | |
| "properties" : { | |
| "AllowedMethod" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "AllowedOrigin" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "CreateBucketConfiguration" : { | |
| "properties" : { | |
| "LocationConstraint" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "CreateLaunchTemplateRequest" : { | |
| "properties" : { | |
| "ClientToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "LaunchTemplateData" : { | |
| "properties" : { | |
| "BlockDeviceMapping" : { | |
| "properties" : { | |
| "DeviceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Ebs" : { | |
| "properties" : { | |
| "VolumeSize" : { | |
| "type" : "long" | |
| }, | |
| "VolumeType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "IamInstanceProfile" : { | |
| "properties" : { | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ImageId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "InstanceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "KeyName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SecurityGroupId" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "TagSpecification" : { | |
| "properties" : { | |
| "ResourceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Tag" : { | |
| "properties" : { | |
| "Key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "UserData" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "LaunchTemplateName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "TagSpecification" : { | |
| "properties" : { | |
| "ResourceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Tag" : { | |
| "properties" : { | |
| "Key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "VersionDescription" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "CreateLaunchTemplateVersionRequest" : { | |
| "properties" : { | |
| "ClientToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "LaunchTemplateData" : { | |
| "properties" : { | |
| "BlockDeviceMapping" : { | |
| "properties" : { | |
| "DeviceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Ebs" : { | |
| "properties" : { | |
| "VolumeSize" : { | |
| "type" : "long" | |
| }, | |
| "VolumeType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "InstanceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "KeyName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "TagSpecification" : { | |
| "properties" : { | |
| "ResourceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Tag" : { | |
| "properties" : { | |
| "Key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "UserData" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "LaunchTemplateId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "VersionDescription" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "DeleteLaunchTemplateRequest" : { | |
| "properties" : { | |
| "LaunchTemplateId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "DeleteNatGatewayRequest" : { | |
| "properties" : { | |
| "NatGatewayId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "DescribeAddressesAttributeRequest" : { | |
| "properties" : { | |
| "AllocationId" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "Attribute" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "DescribeCapacityReservationsRequest" : { | |
| "properties" : { | |
| "Filter" : { | |
| "properties" : { | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeClientVpnEndpointsRequest" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeCoipPoolsRequest" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeEgressOnlyInternetGatewaysRequest" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeFastSnapshotRestoresRequest" : { | |
| "properties" : { | |
| "Filter" : { | |
| "properties" : { | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeFlowLogsRequest" : { | |
| "properties" : { | |
| "Filter" : { | |
| "properties" : { | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeHostsRequest" : { | |
| "properties" : { | |
| "Filter" : { | |
| "properties" : { | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeInstanceCreditSpecificationsRequest" : { | |
| "properties" : { | |
| "InstanceId" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "DescribeInstanceTypeOfferingsRequest" : { | |
| "properties" : { | |
| "LocationType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "NextToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "DescribeInstanceTypesRequest" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| }, | |
| "NextToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "DescribeIpv6PoolsRequest" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeLaunchTemplateVersionsRequest" : { | |
| "properties" : { | |
| "LaunchTemplateId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "LaunchTemplateVersion" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "long" | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "DescribeLaunchTemplatesRequest" : { | |
| "properties" : { | |
| "LaunchTemplateId" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeManagedPrefixListsRequest" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeNatGatewaysRequest" : { | |
| "properties" : { | |
| "Filter" : { | |
| "properties" : { | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "MaxResults" : { | |
| "type" : "long" | |
| }, | |
| "NatGatewayId" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "DescribePublicIpv4PoolsRequest" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeReplaceRootVolumeTasksRequest" : { | |
| "properties" : { | |
| "Filter" : { | |
| "properties" : { | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeSecurityGroupRulesRequest" : { | |
| "properties" : { | |
| "Filter" : { | |
| "properties" : { | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeSpotFleetRequestsRequest" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| }, | |
| "NextToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "DescribeStaleSecurityGroupsRequest" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| }, | |
| "VpcId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "DescribeTrafficMirrorTargetsRequest" : { | |
| "properties" : { | |
| "Filter" : { | |
| "properties" : { | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeVolumesModificationsRequest" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeVpcClassicLinkDnsSupportRequest" : { | |
| "properties" : { | |
| "VpcIds" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "DescribeVpcEndpointServiceConfigurationsRequest" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "DescribeVpcEndpointServicesRequest" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "DescribeVpcEndpointsRequest" : { | |
| "properties" : { | |
| "Filter" : { | |
| "properties" : { | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "MaxResults" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "Description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "EnableFastSnapshotRestoresRequest" : { | |
| "properties" : { | |
| "AvailabilityZone" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "SourceSnapshotId" : { | |
| "properties" : { | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "Filters" : { | |
| "properties" : { | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Values" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "GetConsoleScreenshotRequest" : { | |
| "properties" : { | |
| "InstanceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "GetDefaultCreditSpecificationRequest" : { | |
| "properties" : { | |
| "InstanceFamily" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "GetEbsEncryptionByDefaultRequest" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "GetManagedPrefixListEntriesRequest" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| }, | |
| "PrefixListId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "GetSubnetCidrReservationsRequest" : { | |
| "properties" : { | |
| "SubnetId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "Group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "GroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Input" : { | |
| "properties" : { | |
| "MaxResults" : { | |
| "type" : "long" | |
| }, | |
| "__type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "LifecycleConfiguration" : { | |
| "properties" : { | |
| "Rule" : { | |
| "properties" : { | |
| "Prefix" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "MaxResults" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ModifyLaunchTemplateRequest" : { | |
| "properties" : { | |
| "LaunchTemplateId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SetDefaultVersion" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "ModifySecurityGroupRulesRequest" : { | |
| "properties" : { | |
| "GroupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SecurityGroupRule" : { | |
| "properties" : { | |
| "SecurityGroupRule" : { | |
| "properties" : { | |
| "CidrIpv4" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "FromPort" : { | |
| "type" : "long" | |
| }, | |
| "IpProtocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ToPort" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "SecurityGroupRuleId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tag" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ModifyVolumeRequest" : { | |
| "properties" : { | |
| "Iops" : { | |
| "type" : "long" | |
| }, | |
| "Size" : { | |
| "type" : "long" | |
| }, | |
| "Throughput" : { | |
| "type" : "long" | |
| }, | |
| "VolumeId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "VolumeType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "NotificationConfiguration" : { | |
| "properties" : { | |
| "TopicConfiguration" : { | |
| "properties" : { | |
| "Event" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Topic" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "Operation" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "PublicAccessBlockConfiguration" : { | |
| "properties" : { | |
| "BlockPublicAcls" : { | |
| "type" : "boolean" | |
| }, | |
| "BlockPublicPolicy" : { | |
| "type" : "boolean" | |
| }, | |
| "IgnorePublicAcls" : { | |
| "type" : "boolean" | |
| }, | |
| "RestrictPublicBuckets" : { | |
| "type" : "boolean" | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ResourceQuery" : { | |
| "properties" : { | |
| "Query" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "Service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Tagging" : { | |
| "properties" : { | |
| "TagSet" : { | |
| "properties" : { | |
| "Tag" : { | |
| "properties" : { | |
| "Key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "Tags" : { | |
| "type" : "object" | |
| }, | |
| "Version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "WebsiteConfiguration" : { | |
| "properties" : { | |
| "ErrorDocument" : { | |
| "properties" : { | |
| "Key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "IndexDocument" : { | |
| "properties" : { | |
| "Suffix" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "aWSServiceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "accelerate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "acceptedMediaTypes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "accepts" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "accessControlList" : { | |
| "properties" : { | |
| "x-amz-grant-full-control" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "accessKeyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "accountAttributeNameSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "attributeName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "accountDetails" : { | |
| "properties" : { | |
| "accountId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "accountId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "accountIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "acl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aggregateField" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aggregators" : { | |
| "properties" : { | |
| "aggregatorType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aggregators" : { | |
| "properties" : { | |
| "aggregatorType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "attributeName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "typeName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "attributeName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "typeName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "alarmName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "alarmNames" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "alarmTypes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "allAvailabilityZones" : { | |
| "type" : "boolean" | |
| }, | |
| "allRegions" : { | |
| "type" : "boolean" | |
| }, | |
| "allocationId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "allocationIdsSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "allocationId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "allowMajorVersionUpgrade" : { | |
| "type" : "boolean" | |
| }, | |
| "allowReassociation" : { | |
| "type" : "boolean" | |
| }, | |
| "amazonProvidedIpv6CidrBlock" : { | |
| "type" : "boolean" | |
| }, | |
| "amiType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "applyImmediately" : { | |
| "type" : "boolean" | |
| }, | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assessmentRunArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assessmentRunArns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assessmentRunName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assessmentTargetArns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assessmentTemplateArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assessmentTemplateArns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "associationId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "associationType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "attachment" : { | |
| "properties" : { | |
| "attachmentId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deleteOnTermination" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "attachmentId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "attribute" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "attributeType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "attributes" : { | |
| "properties" : { | |
| "Policy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "autoMinorVersionUpgrade" : { | |
| "type" : "boolean" | |
| }, | |
| "autoScalingGroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "availabilityZone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "availabilityZoneId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "availabilityZoneIdSet" : { | |
| "type" : "object" | |
| }, | |
| "availabilityZoneSet" : { | |
| "type" : "object" | |
| }, | |
| "backupType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "blockDeviceMapping" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "deviceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ebs" : { | |
| "properties" : { | |
| "deleteOnTermination" : { | |
| "type" : "boolean" | |
| }, | |
| "encrypted" : { | |
| "type" : "boolean" | |
| }, | |
| "iops" : { | |
| "type" : "long" | |
| }, | |
| "kmsKeyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "throughput" : { | |
| "type" : "long" | |
| }, | |
| "volumeSize" : { | |
| "type" : "long" | |
| }, | |
| "volumeType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "noDevice" : { | |
| "type" : "object" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "bucket" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bucketName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bucketPolicy" : { | |
| "properties" : { | |
| "Id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Statement" : { | |
| "properties" : { | |
| "Action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Effect" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Principal" : { | |
| "properties" : { | |
| "CanonicalUser" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "Resource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Sid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "Version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "capacityRebalance" : { | |
| "type" : "boolean" | |
| }, | |
| "capacityReservationSpecification" : { | |
| "properties" : { | |
| "capacityReservationPreference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "capacityType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certificateArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certificateStatuses" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "changeBatch" : { | |
| "properties" : { | |
| "changes" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceRecordSet" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceRecords" : { | |
| "properties" : { | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tTL" : { | |
| "type" : "long" | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "checkId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "checkIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cidrBlock" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cidrIp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "clientRequestToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "clientToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cloudFrontOriginAccessIdentityConfig" : { | |
| "properties" : { | |
| "callerReference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "comment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "commitment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "comparisonOperator" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "configurationARN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "configurationType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "constraints" : { | |
| "properties" : { | |
| "encryptionContextEquals" : { | |
| "properties" : { | |
| "aws:acm:arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:cloudfront:arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "encryptionContextSubset" : { | |
| "properties" : { | |
| "aws:ebs:id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:pi:service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:rds:db-id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:rds:dbc-id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:workspaces:sid-directoryid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "continue" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cors" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "count" : { | |
| "type" : "long" | |
| }, | |
| "createdSince" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "creditSpecification" : { | |
| "properties" : { | |
| "cpuCredits" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "customerGatewaySet" : { | |
| "type" : "object" | |
| }, | |
| "dBClusterIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBClusterSnapshotIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBInstanceClass" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBInstanceIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBParameterGroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBSnapshotIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBSubnetGroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dbiResourceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "defaultOnly" : { | |
| "type" : "boolean" | |
| }, | |
| "deleteAutomatedBackups" : { | |
| "type" : "boolean" | |
| }, | |
| "deleteOnTermination" : { | |
| "type" : "boolean" | |
| }, | |
| "deletionProtection" : { | |
| "type" : "boolean" | |
| }, | |
| "deploymentId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "descending" : { | |
| "type" : "boolean" | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "desiredCapacity" : { | |
| "type" : "long" | |
| }, | |
| "destinationAAD" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationCidrBlock" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationEncryptionAlgorithm" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationEncryptionContext" : { | |
| "properties" : { | |
| "aws:acm:arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:cloudfront:arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:ebs:id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "destinationId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationIpv6CidrBlock" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationKeyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "destinationRegion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "detectorId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "device" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceIndex" : { | |
| "type" : "long" | |
| }, | |
| "dhcpOptionsSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "dhcpOptionsId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "dimensions" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "directoryId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "directoryIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "disableApiStop" : { | |
| "type" : "boolean" | |
| }, | |
| "disableApiTermination" : { | |
| "type" : "boolean" | |
| }, | |
| "disableEmailNotification" : { | |
| "type" : "boolean" | |
| }, | |
| "distributionConfig" : { | |
| "properties" : { | |
| "aliases" : { | |
| "properties" : { | |
| "items" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "cacheBehaviors" : { | |
| "properties" : { | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "callerReference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "comment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "customErrorResponses" : { | |
| "properties" : { | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "defaultCacheBehavior" : { | |
| "properties" : { | |
| "allowedMethods" : { | |
| "properties" : { | |
| "cachedMethods" : { | |
| "properties" : { | |
| "items" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "items" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "cachePolicyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "compress" : { | |
| "type" : "boolean" | |
| }, | |
| "fieldLevelEncryptionId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionAssociations" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "eventType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionARN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "lambdaFunctionAssociations" : { | |
| "properties" : { | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "originRequestPolicyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "realtimeLogConfigArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "smoothStreaming" : { | |
| "type" : "boolean" | |
| }, | |
| "targetOriginId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trustedKeyGroups" : { | |
| "properties" : { | |
| "enabled" : { | |
| "type" : "boolean" | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "trustedSigners" : { | |
| "properties" : { | |
| "enabled" : { | |
| "type" : "boolean" | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "viewerProtocolPolicy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "defaultRootObject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "enabled" : { | |
| "type" : "boolean" | |
| }, | |
| "httpVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "isIPV6Enabled" : { | |
| "type" : "boolean" | |
| }, | |
| "logging" : { | |
| "properties" : { | |
| "bucket" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "enabled" : { | |
| "type" : "boolean" | |
| }, | |
| "includeCookies" : { | |
| "type" : "boolean" | |
| }, | |
| "prefix" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "originGroups" : { | |
| "properties" : { | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "origins" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "connectionAttempts" : { | |
| "type" : "long" | |
| }, | |
| "connectionTimeout" : { | |
| "type" : "long" | |
| }, | |
| "customHeaders" : { | |
| "properties" : { | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "domainName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "originPath" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "originShield" : { | |
| "properties" : { | |
| "enabled" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "s3OriginConfig" : { | |
| "properties" : { | |
| "originAccessIdentity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "priceClass" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "restrictions" : { | |
| "properties" : { | |
| "geoRestriction" : { | |
| "properties" : { | |
| "quantity" : { | |
| "type" : "long" | |
| }, | |
| "restrictionType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "viewerCertificate" : { | |
| "properties" : { | |
| "aCMCertificateArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certificate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certificateSource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cloudFrontDefaultCertificate" : { | |
| "type" : "boolean" | |
| }, | |
| "minimumProtocolVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sSLSupportMethod" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "webACLId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "distributionId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "documentFilterList" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "documentFormat" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "documentVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "domainName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "duration" : { | |
| "type" : "long" | |
| }, | |
| "durationInMonths" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "durationSeconds" : { | |
| "type" : "long" | |
| }, | |
| "durations" : { | |
| "type" : "long" | |
| }, | |
| "ebsOptimized" : { | |
| "type" : "boolean" | |
| }, | |
| "embed" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "enableDnsHostnames" : { | |
| "properties" : { | |
| "value" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "enablePerformanceInsights" : { | |
| "type" : "boolean" | |
| }, | |
| "encrypted" : { | |
| "type" : "boolean" | |
| }, | |
| "encryption" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "encryptionAlgorithm" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "encryptionConfiguration" : { | |
| "properties" : { | |
| "encryptionType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "encryptionContext" : { | |
| "properties" : { | |
| "*amzn-ddb-env-alg*" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "*amzn-ddb-sig-alg*" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SecretARN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "SecretVersionId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "account" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:acm:arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:cloudfront:arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:ebs:id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:pi:service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:rds:db-id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:rds:dbc-id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:s3:arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "endTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "endpointArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "enforceConsumerDeletion" : { | |
| "type" : "boolean" | |
| }, | |
| "engine" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "engineName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "engineVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "evaluateExpressions" : { | |
| "type" : "boolean" | |
| }, | |
| "evaluationPeriods" : { | |
| "type" : "long" | |
| }, | |
| "event" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventArns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventObject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventPattern" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "excludeAutoscalingAlarms" : { | |
| "type" : "boolean" | |
| }, | |
| "excludeChildExecutions" : { | |
| "type" : "boolean" | |
| }, | |
| "excludeManagedAlarms" : { | |
| "type" : "boolean" | |
| }, | |
| "exclusionArns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "executableBySet" : { | |
| "type" : "object" | |
| }, | |
| "exportType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fileLastWritten" : { | |
| "type" : "long" | |
| }, | |
| "fileSize" : { | |
| "type" : "long" | |
| }, | |
| "filter" : { | |
| "properties" : { | |
| "assessmentTargetNamePattern" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "endpointIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventStatusCodes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventTypeCategories" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "namePattern" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "severities" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "startTimeRange" : { | |
| "properties" : { | |
| "beginDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "endDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "startTimes" : { | |
| "properties" : { | |
| "from" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "states" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "filterName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filterSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "valueSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "filters" : { | |
| "properties" : { | |
| "condition" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "field" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fieldId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "values" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "finalDBSnapshotIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "findingArns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "findingCriteria" : { | |
| "properties" : { | |
| "criterion" : { | |
| "properties" : { | |
| "resource" : { | |
| "properties" : { | |
| "accessKeyDetails" : { | |
| "properties" : { | |
| "accessKeyId" : { | |
| "properties" : { | |
| "eq" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "instanceDetails" : { | |
| "properties" : { | |
| "instanceId" : { | |
| "properties" : { | |
| "eq" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "service" : { | |
| "properties" : { | |
| "archived" : { | |
| "properties" : { | |
| "eq" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "severity" : { | |
| "properties" : { | |
| "eq" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "properties" : { | |
| "eq" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "findingIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "findingStatisticTypes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "force" : { | |
| "type" : "boolean" | |
| }, | |
| "fromPort" : { | |
| "type" : "long" | |
| }, | |
| "functionCode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionConfig" : { | |
| "properties" : { | |
| "comment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "runtime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "functionName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "gatewayId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "granteePrincipal" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "granularity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupBy" : { | |
| "properties" : { | |
| "dimensions" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "groupDescription" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "groupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "healthCheckGracePeriod" : { | |
| "type" : "long" | |
| }, | |
| "healthCheckPath" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "healthCheckPort" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "healthCheckProtocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "healthCheckType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hibernationOptions" : { | |
| "properties" : { | |
| "configured" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "hostedZoneId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "idempotencyToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "identifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "identities" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "identity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ids" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ifMatch" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "imageId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "imageIds" : { | |
| "properties" : { | |
| "imageDigest" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "imageTag" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "imageManifest" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "imageManifestMediaType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "imageScanningConfiguration" : { | |
| "properties" : { | |
| "scanOnPush" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "imageTag" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "imageTagMutability" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "imagesSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "imageId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "includeAll" : { | |
| "type" : "boolean" | |
| }, | |
| "includeAllInstances" : { | |
| "type" : "boolean" | |
| }, | |
| "includeAvailabilityZones" : { | |
| "type" : "boolean" | |
| }, | |
| "includeCertificateDetails" : { | |
| "type" : "boolean" | |
| }, | |
| "includeDeleted" : { | |
| "type" : "boolean" | |
| }, | |
| "includeIdentityPools" : { | |
| "type" : "boolean" | |
| }, | |
| "includeInactive" : { | |
| "type" : "boolean" | |
| }, | |
| "includePublic" : { | |
| "type" : "boolean" | |
| }, | |
| "includeRecoveryBin" : { | |
| "type" : "boolean" | |
| }, | |
| "includeRelationalDatabaseAvailabilityZones" : { | |
| "type" : "boolean" | |
| }, | |
| "includeShadowTrails" : { | |
| "type" : "boolean" | |
| }, | |
| "includeShared" : { | |
| "type" : "boolean" | |
| }, | |
| "includes" : { | |
| "properties" : { | |
| "hasDnsFqdn" : { | |
| "type" : "boolean" | |
| }, | |
| "keyTypes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "instanceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceInitiatedShutdownBehavior" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceProfileName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceTenancy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceTypeSet" : { | |
| "type" : "object" | |
| }, | |
| "instancesSet" : { | |
| "properties" : { | |
| "item" : { | |
| "properties" : { | |
| "instanceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "items" : { | |
| "properties" : { | |
| "imageId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "keyName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "maxCount" : { | |
| "type" : "long" | |
| }, | |
| "minCount" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "intelligent-tiering" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "internetGatewayId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "invalidationBatch" : { | |
| "properties" : { | |
| "callerReference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "paths" : { | |
| "properties" : { | |
| "items" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "inventory" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "iops" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipPermissions" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "fromPort" : { | |
| "type" : "long" | |
| }, | |
| "groups" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ipProtocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipRanges" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "cidrIp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ipv6Ranges" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "cidrIpv6" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "prefixListIds" : { | |
| "type" : "object" | |
| }, | |
| "toPort" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ipProtocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipv4Prefixes" : { | |
| "type" : "object" | |
| }, | |
| "ipv6AddressCount" : { | |
| "type" : "long" | |
| }, | |
| "jobId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "k8sapi" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "keyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "keyName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "keyPairIdSet" : { | |
| "type" : "object" | |
| }, | |
| "keySet" : { | |
| "type" : "object" | |
| }, | |
| "keySpec" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "labels" : { | |
| "properties" : { | |
| "workload" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "language" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "launchTemplate" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "launchTemplateId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "layerDigest" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "layerDigests" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lifecycle" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lifecycleActionResult" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lifecycleActionToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lifecycleHookName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lifecycleHookSpecificationList" : { | |
| "properties" : { | |
| "defaultResult" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "heartbeatTimeout" : { | |
| "type" : "long" | |
| }, | |
| "lifecycleHookName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lifecycleTransition" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "notificationTargetARN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "limit" : { | |
| "type" : "long" | |
| }, | |
| "listSupportedCharacterSets" : { | |
| "type" : "boolean" | |
| }, | |
| "listSupportedTimezones" : { | |
| "type" : "boolean" | |
| }, | |
| "listenerArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "loadBalancerArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "locale" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "logGroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "logGroupNamePrefix" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "logStreamName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "logging" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "majorEngineVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "map" : { | |
| "properties" : { | |
| "month" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "payload" : { | |
| "properties" : { | |
| "myArrayList" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "timestamp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "year" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "mapPublicIpOnLaunch" : { | |
| "properties" : { | |
| "value" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "marker" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "maxAllocatedStorage" : { | |
| "type" : "long" | |
| }, | |
| "maxItems" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "maxRecords" : { | |
| "type" : "long" | |
| }, | |
| "maxResults" : { | |
| "type" : "long" | |
| }, | |
| "maxSize" : { | |
| "type" : "long" | |
| }, | |
| "message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "metadataOptions" : { | |
| "properties" : { | |
| "httpEndpoint" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "httpPutResponseHopLimit" : { | |
| "type" : "long" | |
| }, | |
| "httpTokens" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "metric" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "metricName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "metricQueries" : { | |
| "properties" : { | |
| "groupBy" : { | |
| "properties" : { | |
| "group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "limit" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "metric" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "minSize" : { | |
| "type" : "long" | |
| }, | |
| "mixedInstancesPolicy" : { | |
| "properties" : { | |
| "instancesDistribution" : { | |
| "properties" : { | |
| "onDemandAllocationStrategy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "onDemandPercentageAboveBaseCapacity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "launchTemplate" : { | |
| "properties" : { | |
| "launchTemplateSpecification" : { | |
| "properties" : { | |
| "launchTemplateId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "monitoring" : { | |
| "properties" : { | |
| "enabled" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "namespace" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "networkInterfaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "networkInterfaceSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "deleteOnTermination" : { | |
| "type" : "boolean" | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceIndex" : { | |
| "type" : "long" | |
| }, | |
| "groupSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "groupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ipv6AddressCount" : { | |
| "type" : "long" | |
| }, | |
| "subnetId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "nextToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "noReboot" : { | |
| "type" : "boolean" | |
| }, | |
| "nodeRole" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nodegroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "notification" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "notificationTypes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "object-lock" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "objectIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "offeringIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "onlyAssociated" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "onlyAttached" : { | |
| "type" : "boolean" | |
| }, | |
| "openIDConnectProviderArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operations" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "opsMetadataArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "orderBy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ownersSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "owner" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ownershipControls" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pageSize" : { | |
| "type" : "long" | |
| }, | |
| "pageToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parameterGroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parameters" : { | |
| "properties" : { | |
| "extensions" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "partitionBy" : { | |
| "properties" : { | |
| "group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "limit" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "passwordResetRequired" : { | |
| "type" : "boolean" | |
| }, | |
| "pathPrefix" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "paymentOptions" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "performanceInsightsRetentionPeriod" : { | |
| "type" : "long" | |
| }, | |
| "period" : { | |
| "type" : "long" | |
| }, | |
| "periodInSeconds" : { | |
| "type" : "long" | |
| }, | |
| "pipelineId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pipelineIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "placementGroupIdSet" : { | |
| "type" : "object" | |
| }, | |
| "placementGroupSet" : { | |
| "type" : "object" | |
| }, | |
| "planTypes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policyArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policyDocument" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policyName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policyStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policyType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "portInfos" : { | |
| "properties" : { | |
| "cidrListAliases" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cidrs" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fromPort" : { | |
| "type" : "long" | |
| }, | |
| "protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "toPort" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "presignedUrl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "principalArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "privateIpAddressesSet" : { | |
| "type" : "object" | |
| }, | |
| "productDescriptionSet" : { | |
| "type" : "object" | |
| }, | |
| "protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "publicAccessBlock" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "publicIpsSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "publicIp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "publiclyAccessible" : { | |
| "type" : "boolean" | |
| }, | |
| "query" : { | |
| "properties" : { | |
| "selectors" : { | |
| "properties" : { | |
| "fieldName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operator" : { | |
| "properties" : { | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "values" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "queueUrl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rank" : { | |
| "type" : "long" | |
| }, | |
| "rebootWorkspaceRequests" : { | |
| "properties" : { | |
| "workspaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "regionSet" : { | |
| "type" : "object" | |
| }, | |
| "registryId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "registryIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "relationalDatabaseName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replication" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationInstanceArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationInstanceClass" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationSubnetGroupIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "repositoryName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "repositoryNames" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requestContext" : { | |
| "properties" : { | |
| "awsAccountId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "requestPayment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reservedInstancesModificationSet" : { | |
| "type" : "object" | |
| }, | |
| "reservedInstancesSet" : { | |
| "type" : "object" | |
| }, | |
| "resource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceArns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceIdList" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceOwner" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourcesSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "resourceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "restApiId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resultAttributes" : { | |
| "properties" : { | |
| "typeName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "retiringPrincipal" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "roleArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "roleName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "roleSessionName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "routeTableId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "routeTableIdSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "routeTableId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "rule" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rulesPackageArns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sAMLAssertionID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "savingsPlanOfferingId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scalableDimension" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scalingConfig" : { | |
| "properties" : { | |
| "desiredSize" : { | |
| "type" : "long" | |
| }, | |
| "maxSize" : { | |
| "type" : "long" | |
| }, | |
| "minSize" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "scheduleExpression" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scope" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "secondaryPrivateIpAddressCount" : { | |
| "type" : "long" | |
| }, | |
| "secretId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "securityGroupIdSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "groupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "securityGroupRuleIds" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "securityGroupRuleId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "securityGroupSet" : { | |
| "type" : "object" | |
| }, | |
| "serviceCode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceNamespace" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceNamespaces" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sessionId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "settingId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sharedUsersSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "showMemberInfo" : { | |
| "type" : "boolean" | |
| }, | |
| "showNodeGroupConfig" : { | |
| "type" : "boolean" | |
| }, | |
| "showSubscriptionDestinations" : { | |
| "type" : "boolean" | |
| }, | |
| "size" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "skipFinalSnapshot" : { | |
| "type" : "boolean" | |
| }, | |
| "snapshotId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "snapshotSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "snapshotId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "snapshotType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sort" : { | |
| "properties" : { | |
| "direction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fieldId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "sortCondition" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sortOrder" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "sortCriteria" : { | |
| "properties" : { | |
| "attributeName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "orderBy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "sortOrder" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceAAD" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceEncryptionAlgorithm" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceEncryptionContext" : { | |
| "properties" : { | |
| "aws:acm:arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "aws:ebs:id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "sourceIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceRegion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceSnapshotId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sphere" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "spotInstanceRequestIdSet" : { | |
| "type" : "object" | |
| }, | |
| "stackName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stage" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stageName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "start" : { | |
| "type" : "long" | |
| }, | |
| "startTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "startWorkspaceRequests" : { | |
| "properties" : { | |
| "workspaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stateValue" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "statistic" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "statistics" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stopWorkspaceRequests" : { | |
| "properties" : { | |
| "workspaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "strategy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "streamCreationTimestamp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "streamName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subjectAlternativeNames" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "subnetId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "subnets" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "syncType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tableName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tagKeys" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tagSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "tagSpecificationSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "resourceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tags" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "tagging" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tags" : { | |
| "properties" : { | |
| "AWS" : { | |
| "properties" : { | |
| "SSM" : { | |
| "properties" : { | |
| "AppManager" : { | |
| "properties" : { | |
| "EKS" : { | |
| "properties" : { | |
| "Cluster" : { | |
| "properties" : { | |
| "ARN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "workload" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "target" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "targetArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "targetGroupArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "targets" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "input" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "inputPath" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "template" : { | |
| "type" : "boolean" | |
| }, | |
| "tenancy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "terminateWorkspaceRequests" : { | |
| "properties" : { | |
| "workspaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "terminationPolicies" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threshold" : { | |
| "type" : "long" | |
| }, | |
| "throughput" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "timeRangeLowerBound" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "toPort" : { | |
| "type" : "long" | |
| }, | |
| "topicARN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "topicArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trailName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "unit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "updateActionStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "updateConfig" : { | |
| "properties" : { | |
| "maxUnavailable" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "updateId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "updateStageInput" : { | |
| "properties" : { | |
| "patchOperations" : { | |
| "properties" : { | |
| "op" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "uploadId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "uploads" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "usageCriteria" : { | |
| "properties" : { | |
| "accountIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dataSources" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "usageStatisticsType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vPCZoneIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "validationMethod" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "versionId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "versioning" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "volumeId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "volumeSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "volumeId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "volumeType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpc" : { | |
| "type" : "boolean" | |
| }, | |
| "vpcId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpcPeeringConnectionIdSet" : { | |
| "type" : "object" | |
| }, | |
| "vpcSecurityGroupIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpcSet" : { | |
| "properties" : { | |
| "item" : { | |
| "properties" : { | |
| "vpcId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "items" : { | |
| "properties" : { | |
| "vpcId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "vpnConnectionSet" : { | |
| "type" : "object" | |
| }, | |
| "vpnGatewaySet" : { | |
| "type" : "object" | |
| }, | |
| "website" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "withoutSettings" : { | |
| "type" : "boolean" | |
| }, | |
| "workspaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "workspaceIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "workspaceProperties" : { | |
| "properties" : { | |
| "computeTypeName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "runningMode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userVolumeSizeGib" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "workspaces" : { | |
| "properties" : { | |
| "bundleId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "directoryId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rootVolumeEncryptionEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "userName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userVolumeEncryptionEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "workspaceProperties" : { | |
| "properties" : { | |
| "computeTypeName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rootVolumeSizeGib" : { | |
| "type" : "long" | |
| }, | |
| "runningMode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "runningModeAutoStopTimeoutInMinutes" : { | |
| "type" : "long" | |
| }, | |
| "userVolumeSizeGib" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "resources" : { | |
| "properties" : { | |
| "ARN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "accountId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "responseElements" : { | |
| "properties" : { | |
| "ConsoleLogin" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "CreateLaunchTemplateResponse" : { | |
| "properties" : { | |
| "launchTemplate" : { | |
| "properties" : { | |
| "createTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createdBy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "defaultVersionNumber" : { | |
| "type" : "long" | |
| }, | |
| "latestVersionNumber" : { | |
| "type" : "long" | |
| }, | |
| "launchTemplateId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "launchTemplateName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tagSet" : { | |
| "properties" : { | |
| "item" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "requestId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "warning" : { | |
| "properties" : { | |
| "errorSet" : { | |
| "properties" : { | |
| "item" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "CreateLaunchTemplateVersionResponse" : { | |
| "properties" : { | |
| "launchTemplateVersion" : { | |
| "properties" : { | |
| "createTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createdBy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "defaultVersion" : { | |
| "type" : "boolean" | |
| }, | |
| "launchTemplateData" : { | |
| "properties" : { | |
| "blockDeviceMappingSet" : { | |
| "properties" : { | |
| "item" : { | |
| "properties" : { | |
| "deviceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ebs" : { | |
| "properties" : { | |
| "volumeSize" : { | |
| "type" : "long" | |
| }, | |
| "volumeType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "instanceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "keyName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tagSpecificationSet" : { | |
| "properties" : { | |
| "item" : { | |
| "properties" : { | |
| "resourceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tagSet" : { | |
| "properties" : { | |
| "item" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "launchTemplateId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "launchTemplateName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "versionDescription" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "versionNumber" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "requestId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "DeleteLaunchTemplateResponse" : { | |
| "properties" : { | |
| "launchTemplate" : { | |
| "properties" : { | |
| "createTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createdBy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "defaultVersionNumber" : { | |
| "type" : "long" | |
| }, | |
| "latestVersionNumber" : { | |
| "type" : "long" | |
| }, | |
| "launchTemplateId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "launchTemplateName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "requestId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "DeleteNatGatewayResponse" : { | |
| "properties" : { | |
| "natGatewayId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requestId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "EnableFastSnapshotRestoresResponse" : { | |
| "properties" : { | |
| "requestId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "successful" : { | |
| "properties" : { | |
| "item" : { | |
| "properties" : { | |
| "availabilityZone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "enablingTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ownerId" : { | |
| "type" : "long" | |
| }, | |
| "snapshotId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stateTransitionReason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "unsuccessful" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "Group" : { | |
| "properties" : { | |
| "Description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "GroupArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "OwnerId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ModifyLaunchTemplateResponse" : { | |
| "properties" : { | |
| "launchTemplate" : { | |
| "properties" : { | |
| "createTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createdBy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "defaultVersionNumber" : { | |
| "type" : "long" | |
| }, | |
| "latestVersionNumber" : { | |
| "type" : "long" | |
| }, | |
| "launchTemplateId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "launchTemplateName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "requestId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ModifySecurityGroupRulesResponse" : { | |
| "properties" : { | |
| "requestId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "return" : { | |
| "type" : "boolean" | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ModifyVolumeResponse" : { | |
| "properties" : { | |
| "requestId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "volumeModification" : { | |
| "properties" : { | |
| "modificationState" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "originalIops" : { | |
| "type" : "long" | |
| }, | |
| "originalMultiAttachEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "originalSize" : { | |
| "type" : "long" | |
| }, | |
| "originalThroughput" : { | |
| "type" : "long" | |
| }, | |
| "originalVolumeType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "progress" : { | |
| "type" : "long" | |
| }, | |
| "startTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "targetIops" : { | |
| "type" : "long" | |
| }, | |
| "targetMultiAttachEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "targetSize" : { | |
| "type" : "long" | |
| }, | |
| "targetThroughput" : { | |
| "type" : "long" | |
| }, | |
| "targetVolumeType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "volumeId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "xmlns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ResourceQuery" : { | |
| "properties" : { | |
| "Query" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "_return" : { | |
| "type" : "boolean" | |
| }, | |
| "accessKey" : { | |
| "properties" : { | |
| "accessKeyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "account" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "allocatedStorage" : { | |
| "type" : "long" | |
| }, | |
| "allocationId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assessmentRunArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assignedIpv4PrefixSet" : { | |
| "type" : "object" | |
| }, | |
| "assignedPrivateIpAddressesSet" : { | |
| "properties" : { | |
| "assignedPrivateIpAddressSetType" : { | |
| "properties" : { | |
| "privateIpAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "associationId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assumedRoleUser" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assumedRoleId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "attachTime" : { | |
| "type" : "long" | |
| }, | |
| "attachmentId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "audience" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "autoMinorVersionUpgrade" : { | |
| "type" : "boolean" | |
| }, | |
| "automaticRestartTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "availabilityZone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "backupRetentionPeriod" : { | |
| "type" : "long" | |
| }, | |
| "backupTarget" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cACertificateIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cacheClusterEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "cacheClusterSize" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cacheClusterStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cachePolicy" : { | |
| "properties" : { | |
| "cachePolicyConfig" : { | |
| "properties" : { | |
| "comment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "defaultTTL" : { | |
| "type" : "long" | |
| }, | |
| "maxTTL" : { | |
| "type" : "long" | |
| }, | |
| "minTTL" : { | |
| "type" : "long" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parametersInCacheKeyAndForwardedToOrigin" : { | |
| "properties" : { | |
| "cookiesConfig" : { | |
| "properties" : { | |
| "cookieBehavior" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "enableAcceptEncodingBrotli" : { | |
| "type" : "boolean" | |
| }, | |
| "enableAcceptEncodingGzip" : { | |
| "type" : "boolean" | |
| }, | |
| "headersConfig" : { | |
| "properties" : { | |
| "headerBehavior" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "queryStringsConfig" : { | |
| "properties" : { | |
| "queryStringBehavior" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lastModifiedTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "cachePolicyList" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "cachePolicy" : { | |
| "properties" : { | |
| "cachePolicyConfig" : { | |
| "properties" : { | |
| "comment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "defaultTTL" : { | |
| "type" : "long" | |
| }, | |
| "maxTTL" : { | |
| "type" : "long" | |
| }, | |
| "minTTL" : { | |
| "type" : "long" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parametersInCacheKeyAndForwardedToOrigin" : { | |
| "properties" : { | |
| "cookiesConfig" : { | |
| "properties" : { | |
| "cookieBehavior" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "enableAcceptEncodingBrotli" : { | |
| "type" : "boolean" | |
| }, | |
| "enableAcceptEncodingGzip" : { | |
| "type" : "boolean" | |
| }, | |
| "headersConfig" : { | |
| "properties" : { | |
| "headerBehavior" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "headers" : { | |
| "properties" : { | |
| "items" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "queryStringsConfig" : { | |
| "properties" : { | |
| "queryStringBehavior" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "queryStrings" : { | |
| "properties" : { | |
| "items" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lastModifiedTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "maxItems" : { | |
| "type" : "long" | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "certificateArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certificateSummaryList" : { | |
| "properties" : { | |
| "certificateArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "domainName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "changeInfo" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "submittedAt" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "clientIDList" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cloudFrontOriginAccessIdentity" : { | |
| "properties" : { | |
| "cloudFrontOriginAccessIdentityConfig" : { | |
| "properties" : { | |
| "callerReference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "comment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "s3CanonicalUserId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "contentType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "copyTagsToSnapshot" : { | |
| "type" : "boolean" | |
| }, | |
| "createDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createTime" : { | |
| "type" : "long" | |
| }, | |
| "createdDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "credentials" : { | |
| "properties" : { | |
| "accessKeyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "expiration" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sessionToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "customerOwnedIpEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "dBClusterIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBClusterSnapshotAttributes" : { | |
| "properties" : { | |
| "attributeName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "dBClusterSnapshotIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBInstanceArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBInstanceClass" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBInstanceIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBInstanceStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBParameterGroups" : { | |
| "properties" : { | |
| "dBParameterGroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parameterApplyStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "dBSnapshotAttributes" : { | |
| "properties" : { | |
| "attributeName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "dBSnapshotIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBSubnetGroup" : { | |
| "properties" : { | |
| "dBSubnetGroupDescription" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dBSubnetGroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetGroupStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnets" : { | |
| "properties" : { | |
| "subnetAvailabilityZone" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "subnetIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetOutpost" : { | |
| "type" : "object" | |
| }, | |
| "subnetStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vpcId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "dbInstancePort" : { | |
| "type" : "long" | |
| }, | |
| "dbiResourceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dedicatedIpAutoWarmupEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "deleteOnTermination" : { | |
| "type" : "boolean" | |
| }, | |
| "deletionProtection" : { | |
| "type" : "boolean" | |
| }, | |
| "deploymentId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "device" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "directories" : { | |
| "properties" : { | |
| "alias" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "customerUserName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "directoryId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "directoryName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "directoryType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dnsIpAddresses" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "iamRoleId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "registrationCode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "selfservicePermissions" : { | |
| "properties" : { | |
| "changeComputeType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "increaseVolumeSize" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rebuildWorkspace" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "restartWorkspace" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "switchRunningMode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tenancy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "workspaceAccessProperties" : { | |
| "properties" : { | |
| "deviceTypeAndroid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceTypeChromeOs" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceTypeIos" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceTypeLinux" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceTypeOsx" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceTypeWeb" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceTypeWindows" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deviceTypeZeroClient" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "workspaceCreationProperties" : { | |
| "properties" : { | |
| "enableInternetAccess" : { | |
| "type" : "boolean" | |
| }, | |
| "enableMaintenanceMode" : { | |
| "type" : "boolean" | |
| }, | |
| "enableWorkDocs" : { | |
| "type" : "boolean" | |
| }, | |
| "userEnabledAsLocalAdministrator" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "workspaceSecurityGroupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "distribution" : { | |
| "properties" : { | |
| "aRN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "activeTrustedKeyGroups" : { | |
| "properties" : { | |
| "enabled" : { | |
| "type" : "boolean" | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "activeTrustedSigners" : { | |
| "properties" : { | |
| "enabled" : { | |
| "type" : "boolean" | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "aliasICPRecordals" : { | |
| "properties" : { | |
| "cNAME" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "iCPRecordalStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "distributionConfig" : { | |
| "properties" : { | |
| "aliases" : { | |
| "properties" : { | |
| "items" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "cacheBehaviors" : { | |
| "properties" : { | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "callerReference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "comment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "customErrorResponses" : { | |
| "properties" : { | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "defaultCacheBehavior" : { | |
| "properties" : { | |
| "allowedMethods" : { | |
| "properties" : { | |
| "cachedMethods" : { | |
| "properties" : { | |
| "items" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "items" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "cachePolicyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "compress" : { | |
| "type" : "boolean" | |
| }, | |
| "fieldLevelEncryptionId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionAssociations" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "eventType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionARN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "lambdaFunctionAssociations" : { | |
| "properties" : { | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "smoothStreaming" : { | |
| "type" : "boolean" | |
| }, | |
| "targetOriginId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trustedKeyGroups" : { | |
| "properties" : { | |
| "enabled" : { | |
| "type" : "boolean" | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "trustedSigners" : { | |
| "properties" : { | |
| "enabled" : { | |
| "type" : "boolean" | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "viewerProtocolPolicy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "defaultRootObject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "enabled" : { | |
| "type" : "boolean" | |
| }, | |
| "httpVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "isIPV6Enabled" : { | |
| "type" : "boolean" | |
| }, | |
| "logging" : { | |
| "properties" : { | |
| "bucket" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "enabled" : { | |
| "type" : "boolean" | |
| }, | |
| "includeCookies" : { | |
| "type" : "boolean" | |
| }, | |
| "prefix" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "originGroups" : { | |
| "properties" : { | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "origins" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "connectionAttempts" : { | |
| "type" : "long" | |
| }, | |
| "connectionTimeout" : { | |
| "type" : "long" | |
| }, | |
| "customHeaders" : { | |
| "properties" : { | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "domainName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "originPath" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "originShield" : { | |
| "properties" : { | |
| "enabled" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "s3OriginConfig" : { | |
| "properties" : { | |
| "originAccessIdentity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "priceClass" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "restrictions" : { | |
| "properties" : { | |
| "geoRestriction" : { | |
| "properties" : { | |
| "quantity" : { | |
| "type" : "long" | |
| }, | |
| "restrictionType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "viewerCertificate" : { | |
| "properties" : { | |
| "aCMCertificateArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certificate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certificateSource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cloudFrontDefaultCertificate" : { | |
| "type" : "boolean" | |
| }, | |
| "minimumProtocolVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sSLSupportMethod" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "webACLId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "domainName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "inProgressInvalidationBatches" : { | |
| "type" : "long" | |
| }, | |
| "lastModifiedTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eTag" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "enabledCloudwatchLogsExports" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "encrypted" : { | |
| "type" : "boolean" | |
| }, | |
| "endpoint" : { | |
| "properties" : { | |
| "address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "databaseName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "endpointArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "endpointIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "endpointType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "engineDisplayName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "engineName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hostedZoneId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "kmsKeyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| }, | |
| "receiveTransferredFiles" : { | |
| "type" : "boolean" | |
| }, | |
| "serverName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sslMode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "transferFiles" : { | |
| "type" : "boolean" | |
| }, | |
| "username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "enforcementStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "engine" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "engineVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "enhancedMonitoringResourceArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "failedEntryCount" : { | |
| "type" : "long" | |
| }, | |
| "failedRequests" : { | |
| "properties" : { | |
| "errorCode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "errorMessage" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "workspaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "functionCode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionList" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "functionConfig" : { | |
| "properties" : { | |
| "runtime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "functionMetadata" : { | |
| "properties" : { | |
| "createdTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionARN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lastModifiedTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stage" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "maxItems" : { | |
| "type" : "long" | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "functionSummary" : { | |
| "properties" : { | |
| "functionConfig" : { | |
| "properties" : { | |
| "comment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "runtime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "functionMetadata" : { | |
| "properties" : { | |
| "createdTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionARN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lastModifiedTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stage" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "grantId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupSet" : { | |
| "type" : "object" | |
| }, | |
| "httpEndpointEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "iAMDatabaseAuthenticationEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "image" : { | |
| "properties" : { | |
| "imageId" : { | |
| "properties" : { | |
| "imageDigest" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "imageTag" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "imageManifest" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "imageManifestMediaType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "registryId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "repositoryName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "imageId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceCreateTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceProfile" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceProfileId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceProfileName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "roles" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assumeRolePolicyDocument" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "roleId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "roleName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "instanceProfiles" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceProfileId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceProfileName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "roles" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assumeRolePolicyDocument" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "roleId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "roleName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "instancesSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "amiLaunchIndex" : { | |
| "type" : "long" | |
| }, | |
| "architecture" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "blockDeviceMapping" : { | |
| "type" : "object" | |
| }, | |
| "capacityReservationSpecification" : { | |
| "properties" : { | |
| "capacityReservationPreference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "clientToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cpuOptions" : { | |
| "properties" : { | |
| "coreCount" : { | |
| "type" : "long" | |
| }, | |
| "threadsPerCore" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "currentState" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "long" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ebsOptimized" : { | |
| "type" : "boolean" | |
| }, | |
| "enaSupport" : { | |
| "type" : "boolean" | |
| }, | |
| "enclaveOptions" : { | |
| "properties" : { | |
| "enabled" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "groupSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "groupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "hibernationOptions" : { | |
| "properties" : { | |
| "configured" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "hypervisor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "iamInstanceProfile" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "imageId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceState" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "long" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "instanceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "keyName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "launchTime" : { | |
| "type" : "long" | |
| }, | |
| "metadataOptions" : { | |
| "properties" : { | |
| "httpEndpoint" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "httpPutResponseHopLimit" : { | |
| "type" : "long" | |
| }, | |
| "httpTokens" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "monitoring" : { | |
| "properties" : { | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "networkInterfaceSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "attachment" : { | |
| "properties" : { | |
| "attachTime" : { | |
| "type" : "long" | |
| }, | |
| "attachmentId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "deleteOnTermination" : { | |
| "type" : "boolean" | |
| }, | |
| "deviceIndex" : { | |
| "type" : "long" | |
| }, | |
| "networkCardIndex" : { | |
| "type" : "long" | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "groupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "interfaceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipv6AddressesSet" : { | |
| "type" : "object" | |
| }, | |
| "macAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "networkInterfaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ownerId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "privateDnsName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "privateIpAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "privateIpAddressesSet" : { | |
| "properties" : { | |
| "item" : { | |
| "properties" : { | |
| "primary" : { | |
| "type" : "boolean" | |
| }, | |
| "privateDnsName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "privateIpAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "sourceDestCheck" : { | |
| "type" : "boolean" | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tagSet" : { | |
| "type" : "object" | |
| }, | |
| "vpcId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "placement" : { | |
| "properties" : { | |
| "availabilityZone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tenancy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "previousState" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "long" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "privateDnsName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "privateIpAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "productCodes" : { | |
| "type" : "object" | |
| }, | |
| "rootDeviceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rootDeviceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceDestCheck" : { | |
| "type" : "boolean" | |
| }, | |
| "stateReason" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "subnetId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tagSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "virtualizationType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpcId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "internetGateway" : { | |
| "properties" : { | |
| "association" : { | |
| "type" : "object" | |
| }, | |
| "attachmentSet" : { | |
| "type" : "object" | |
| }, | |
| "internetGatewayId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ownerId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tagSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "invalidation" : { | |
| "properties" : { | |
| "createTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "invalidationBatch" : { | |
| "properties" : { | |
| "callerReference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "paths" : { | |
| "properties" : { | |
| "items" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "iops" : { | |
| "type" : "long" | |
| }, | |
| "isTruncated" : { | |
| "type" : "boolean" | |
| }, | |
| "issuer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "jobCompletionDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "jobCreationDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "jobId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "jobStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "jobType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "keyFingerprint" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "keyGroupList" : { | |
| "properties" : { | |
| "maxItems" : { | |
| "type" : "long" | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "keyMaterial" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "keyName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "keyPairId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "kmsKeyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lastByteReceived" : { | |
| "type" : "long" | |
| }, | |
| "lastUpdatedDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "latestRestorableTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "layerDigest" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "licenseModel" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "location" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "loginProfile" : { | |
| "properties" : { | |
| "createDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "passwordResetRequired" : { | |
| "type" : "boolean" | |
| }, | |
| "userName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "mailFromDomainAttributes" : { | |
| "properties" : { | |
| "email" : { | |
| "properties" : { | |
| "zebpay" : { | |
| "properties" : { | |
| "com" : { | |
| "properties" : { | |
| "behaviorOnMXFailure" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "jenil" : { | |
| "properties" : { | |
| "g@zebpay" : { | |
| "properties" : { | |
| "com" : { | |
| "properties" : { | |
| "behaviorOnMXFailure" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "otc" : { | |
| "properties" : { | |
| "zebpay" : { | |
| "properties" : { | |
| "com" : { | |
| "properties" : { | |
| "behaviorOnMXFailure" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "updates" : { | |
| "properties" : { | |
| "zebpay" : { | |
| "properties" : { | |
| "com" : { | |
| "properties" : { | |
| "behaviorOnMXFailure" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "zebpay" : { | |
| "properties" : { | |
| "com" : { | |
| "properties" : { | |
| "behaviorOnMXFailure" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "marker" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "masterUsername" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "methodSettings" : { | |
| "properties" : { | |
| "*/*" : { | |
| "properties" : { | |
| "cacheDataEncrypted" : { | |
| "type" : "boolean" | |
| }, | |
| "cacheTtlInSeconds" : { | |
| "type" : "long" | |
| }, | |
| "cachingEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "dataTraceEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "loggingLevel" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "metricsEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "requireAuthorizationForCacheControl" : { | |
| "type" : "boolean" | |
| }, | |
| "throttlingBurstLimit" : { | |
| "type" : "long" | |
| }, | |
| "throttlingRateLimit" : { | |
| "type" : "long" | |
| }, | |
| "unauthorizedCacheControlHeaderStrategy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "monitoringInterval" : { | |
| "type" : "long" | |
| }, | |
| "monitoringRoleArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "multiAZ" : { | |
| "type" : "boolean" | |
| }, | |
| "multiAttachEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nameQualifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "networkBorderGroup" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "networkInterface" : { | |
| "properties" : { | |
| "availabilityZone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "groupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "interfaceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipv6AddressesSet" : { | |
| "type" : "object" | |
| }, | |
| "macAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "networkInterfaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ownerId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "privateDnsName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "privateIpAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "privateIpAddressesSet" : { | |
| "properties" : { | |
| "item" : { | |
| "properties" : { | |
| "primary" : { | |
| "type" : "boolean" | |
| }, | |
| "privateDnsName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "privateIpAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "requesterId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requesterManaged" : { | |
| "type" : "boolean" | |
| }, | |
| "sourceDestCheck" : { | |
| "type" : "boolean" | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tagSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "vpcId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "networkInterfaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "networkType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nextToken" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nodegroup" : { | |
| "properties" : { | |
| "amiType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "capacityType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "clusterName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createdAt" : { | |
| "type" : "float" | |
| }, | |
| "health" : { | |
| "type" : "object" | |
| }, | |
| "labels" : { | |
| "properties" : { | |
| "workload" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "launchTemplate" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "modifiedAt" : { | |
| "type" : "float" | |
| }, | |
| "nodeRole" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nodegroupArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nodegroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "releaseVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resources" : { | |
| "properties" : { | |
| "autoScalingGroups" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "scalingConfig" : { | |
| "properties" : { | |
| "desiredSize" : { | |
| "type" : "long" | |
| }, | |
| "maxSize" : { | |
| "type" : "long" | |
| }, | |
| "minSize" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnets" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tags" : { | |
| "properties" : { | |
| "workload" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "updateConfig" : { | |
| "properties" : { | |
| "maxUnavailable" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "operation" : { | |
| "properties" : { | |
| "createdAt" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "isTerminal" : { | |
| "type" : "boolean" | |
| }, | |
| "location" : { | |
| "properties" : { | |
| "availabilityZone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "regionName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "operationDetails" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operationType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "statusChangedAt" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "operations" : { | |
| "properties" : { | |
| "createdAt" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "isTerminal" : { | |
| "type" : "boolean" | |
| }, | |
| "location" : { | |
| "properties" : { | |
| "availabilityZone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "regionName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "operationDetails" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operationType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "statusChangedAt" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "opsMetadataArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "optionGroupMemberships" : { | |
| "properties" : { | |
| "optionGroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "originRequestPolicyList" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "originRequestPolicy" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lastModifiedTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "originRequestPolicyConfig" : { | |
| "properties" : { | |
| "comment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cookiesConfig" : { | |
| "properties" : { | |
| "cookieBehavior" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "headersConfig" : { | |
| "properties" : { | |
| "headerBehavior" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "headers" : { | |
| "properties" : { | |
| "items" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "queryStringsConfig" : { | |
| "properties" : { | |
| "queryStringBehavior" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "maxItems" : { | |
| "type" : "long" | |
| }, | |
| "quantity" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "ownerId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parameterGroups" : { | |
| "properties" : { | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parameterGroupFamily" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parameterGroupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "parameters" : { | |
| "properties" : { | |
| "allowedValues" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "applyType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dataType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "isModifiable" : { | |
| "type" : "boolean" | |
| }, | |
| "parameterName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parameterValue" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "partSize" : { | |
| "type" : "long" | |
| }, | |
| "pendingModifiedValues" : { | |
| "properties" : { | |
| "dBInstanceClass" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pendingCloudwatchLogsExports" : { | |
| "properties" : { | |
| "logTypesToEnable" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "pendingRequests" : { | |
| "properties" : { | |
| "bundleId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "directoryId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rootVolumeEncryptionEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userVolumeEncryptionEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "workspaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "performanceInsightsEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "performanceInsightsKMSKeyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "performanceInsightsRetentionPeriod" : { | |
| "type" : "long" | |
| }, | |
| "placementGroup" : { | |
| "properties" : { | |
| "groupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "strategy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "policiesGrantingServiceAccess" : { | |
| "properties" : { | |
| "policies" : { | |
| "properties" : { | |
| "policyArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policyName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policyType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "serviceNamespace" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "policy" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "attachmentCount" : { | |
| "type" : "long" | |
| }, | |
| "createDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "defaultVersionId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "isAttachable" : { | |
| "type" : "boolean" | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "permissionsBoundaryUsageCount" : { | |
| "type" : "long" | |
| }, | |
| "policyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policyName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "updateDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "preferredBackupWindow" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "preferredMaintenanceWindow" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "productionAccessEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "promotionTier" : { | |
| "type" : "long" | |
| }, | |
| "publicIp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "publicIpv4Pool" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "publiclyAccessible" : { | |
| "type" : "boolean" | |
| }, | |
| "realtimeLogConfigs" : { | |
| "properties" : { | |
| "isTruncated" : { | |
| "type" : "boolean" | |
| }, | |
| "marker" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "maxItems" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "recommendationGroups" : { | |
| "properties" : { | |
| "count" : { | |
| "type" : "long" | |
| }, | |
| "docLink" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupDescription" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupKey" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupTitle" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "helpText" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "recommendations" : { | |
| "properties" : { | |
| "recommendationApplyNowActions" : { | |
| "properties" : { | |
| "actionCode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "actionParameters" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "recommendationCode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "recommendationCreateTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "recommendationModifyTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "recommendationNextMaintenanceActions" : { | |
| "properties" : { | |
| "actionCode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "actionParameters" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "recommendationParameters" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "recommendationStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "recommendationText" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "registries" : { | |
| "properties" : { | |
| "registryArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "registryId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "registryUri" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "verified" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "registryCatalogData" : { | |
| "properties" : { | |
| "displayName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "registryId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationInstance" : { | |
| "properties" : { | |
| "allocatedStorage" : { | |
| "type" : "long" | |
| }, | |
| "autoMinorVersionUpgrade" : { | |
| "type" : "boolean" | |
| }, | |
| "availabilityZone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "engineVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceCreateTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "kmsKeyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "multiAZ" : { | |
| "type" : "boolean" | |
| }, | |
| "patchingPrecedence" : { | |
| "type" : "long" | |
| }, | |
| "pendingModifiedValues" : { | |
| "properties" : { | |
| "replicationInstanceClass" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "preferredMaintenanceWindow" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "publiclyAccessible" : { | |
| "type" : "boolean" | |
| }, | |
| "replicationInstanceArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationInstanceClass" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationInstanceEniId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationInstanceEniIds" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationInstanceIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationInstancePrivateIpAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationInstancePrivateIpAddresses" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationInstancePublicIpAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationInstancePublicIpAddresses" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationInstanceStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationSubnetGroup" : { | |
| "properties" : { | |
| "replicationSubnetGroupArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationSubnetGroupDescription" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "replicationSubnetGroupIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetGroupStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnets" : { | |
| "properties" : { | |
| "subnetAvailabilityZone" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "subnetIdentifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vpcId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vpcSecurityGroups" : { | |
| "properties" : { | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpcSecurityGroupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "repository" : { | |
| "properties" : { | |
| "createdAt" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "encryptionConfiguration" : { | |
| "properties" : { | |
| "encryptionType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "imageScanningConfiguration" : { | |
| "properties" : { | |
| "scanOnPush" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "imageTagMutability" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "registryId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "repositoryArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "repositoryName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "repositoryUri" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "repositoryName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requestId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requesterId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reservationId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resourceType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "role" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "assumeRolePolicyDocument" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "roleId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "roleName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ruleArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "savingsPlanId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "securityGroupRuleSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "cidrIpv4" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cidrIpv6" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fromPort" : { | |
| "type" : "long" | |
| }, | |
| "groupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "groupOwnerId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipProtocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "isEgress" : { | |
| "type" : "boolean" | |
| }, | |
| "referencedGroupInfo" : { | |
| "properties" : { | |
| "groupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "securityGroupRuleId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "toPort" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "self" : { | |
| "properties" : { | |
| "restApiId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stageName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "template" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "sendQuota" : { | |
| "properties" : { | |
| "max24HourSend" : { | |
| "type" : "long" | |
| }, | |
| "maxSendRate" : { | |
| "type" : "long" | |
| }, | |
| "sentLast24Hours" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "sendingEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "serviceUpdates" : { | |
| "properties" : { | |
| "autoUpdateAfterRecommendedApplyByDate" : { | |
| "type" : "boolean" | |
| }, | |
| "engine" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "engineVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "estimatedUpdateTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateDescription" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateEndDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateRecommendedApplyByDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateReleaseDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateSeverity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "servicesLastAccessed" : { | |
| "properties" : { | |
| "serviceName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceNamespace" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "totalAuthenticatedEntities" : { | |
| "type" : "long" | |
| }, | |
| "trackedActionsLastAccessed" : { | |
| "properties" : { | |
| "actionName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "sessionId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "size" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "snapshotId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stageDelete" : { | |
| "properties" : { | |
| "restApiId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stageName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "template" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "stageFlushAuthorizerCache" : { | |
| "properties" : { | |
| "restApiId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stageName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "template" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "stageName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stageUpdate" : { | |
| "properties" : { | |
| "restApiId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stageName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "template" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "startTime" : { | |
| "type" : "long" | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "storageEncrypted" : { | |
| "type" : "boolean" | |
| }, | |
| "storageType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "streamUrl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subjectType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnet" : { | |
| "properties" : { | |
| "assignIpv6AddressOnCreation" : { | |
| "type" : "boolean" | |
| }, | |
| "availabilityZone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "availabilityZoneId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "availableIpAddressCount" : { | |
| "type" : "long" | |
| }, | |
| "cidrBlock" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "defaultForAz" : { | |
| "type" : "boolean" | |
| }, | |
| "ipv6CidrBlockAssociationSet" : { | |
| "type" : "object" | |
| }, | |
| "mapPublicIpOnLaunch" : { | |
| "type" : "boolean" | |
| }, | |
| "ownerId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tagSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "vpcId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "suppressionAttributes" : { | |
| "properties" : { | |
| "suppressedReasons" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tableDescription" : { | |
| "properties" : { | |
| "itemCount" : { | |
| "type" : "long" | |
| }, | |
| "latestStreamArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "latestStreamLabel" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "provisionedThroughput" : { | |
| "properties" : { | |
| "numberOfDecreasesToday" : { | |
| "type" : "long" | |
| }, | |
| "readCapacityUnits" : { | |
| "type" : "long" | |
| }, | |
| "writeCapacityUnits" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "streamSpecification" : { | |
| "properties" : { | |
| "streamEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "streamViewType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tableArn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tableId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tableName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tableSizeBytes" : { | |
| "type" : "long" | |
| }, | |
| "tableStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tagList" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tagSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "tags" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "testResult" : { | |
| "properties" : { | |
| "computeUtilization" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionErrorMessage" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionExecutionLogs" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionOutput" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionSummary" : { | |
| "properties" : { | |
| "functionConfig" : { | |
| "properties" : { | |
| "comment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "runtime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "functionMetadata" : { | |
| "properties" : { | |
| "createdTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "functionARN" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lastModifiedTime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stage" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "throughput" : { | |
| "type" : "long" | |
| }, | |
| "thumbprintList" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tokenValue" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tracingEnabled" : { | |
| "type" : "boolean" | |
| }, | |
| "unprocessedAccounts" : { | |
| "properties" : { | |
| "accountId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "result" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "update" : { | |
| "properties" : { | |
| "createdAt" : { | |
| "type" : "float" | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "params" : { | |
| "properties" : { | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "updateActions" : { | |
| "properties" : { | |
| "cacheClusterId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "engine" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nodesUpdated" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateRecommendedApplyByDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateReleaseDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateSeverity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serviceUpdateType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "slaMet" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "updateActionAvailableDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "updateActionStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "updateActionStatusModifiedDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "uploadId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "url" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user" : { | |
| "properties" : { | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "createDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "userId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "volumeId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "volumeSize" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "volumeType" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpc" : { | |
| "properties" : { | |
| "cidrBlock" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cidrBlockAssociationSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "associationId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cidrBlock" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cidrBlockState" : { | |
| "properties" : { | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "dhcpOptionsId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instanceTenancy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipv6CidrBlockAssociationSet" : { | |
| "type" : "object" | |
| }, | |
| "isDefault" : { | |
| "type" : "boolean" | |
| }, | |
| "ownerId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tagSet" : { | |
| "properties" : { | |
| "items" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "vpcId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vpcSecurityGroups" : { | |
| "properties" : { | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpcSecurityGroupId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "workspaces" : { | |
| "properties" : { | |
| "bundleId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "computerName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "directoryId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subnetId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userRealm" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "workspaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "workspaceProperties" : { | |
| "properties" : { | |
| "computeTypeName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "recycleMode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rootVolumeSizeGib" : { | |
| "type" : "long" | |
| }, | |
| "runningMode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "runningModeAutoStopTimeoutInMinutes" : { | |
| "type" : "long" | |
| }, | |
| "userVolumeSizeGib" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "workspacesConnectionStatus" : { | |
| "properties" : { | |
| "connectionState" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "connectionStateCheckTimestamp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lastKnownUserConnectionTimestamp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "workspaceId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "rsa" : { | |
| "properties" : { | |
| "counters" : { | |
| "properties" : { | |
| "dclass_c1" : { | |
| "type" : "long" | |
| }, | |
| "dclass_c1_str" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dclass_c2" : { | |
| "type" : "long" | |
| }, | |
| "dclass_c2_str" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dclass_c3" : { | |
| "type" : "long" | |
| }, | |
| "dclass_c3_str" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dclass_r1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dclass_r1_str" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dclass_r2" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dclass_r2_str" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dclass_r3" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dclass_r3_str" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_counter" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "crypto" : { | |
| "properties" : { | |
| "cert_ca" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_checksum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_common" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_error" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_host_cat" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_host_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_issuer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_keysize" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_serial" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cipher_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cipher_size_dst" : { | |
| "type" : "long" | |
| }, | |
| "cipher_size_src" : { | |
| "type" : "long" | |
| }, | |
| "cipher_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "crypto" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "d_certauth" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "https_insact" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "https_valid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ike" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ike_cookie1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ike_cookie2" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "peer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "peer_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "s_certauth" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scheme" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sig_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ssl_ver_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ssl_ver_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "db" : { | |
| "properties" : { | |
| "database" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "db_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "db_pid" : { | |
| "type" : "long" | |
| }, | |
| "index" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "instance" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lread" : { | |
| "type" : "long" | |
| }, | |
| "lwrite" : { | |
| "type" : "long" | |
| }, | |
| "permissions" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pread" : { | |
| "type" : "long" | |
| }, | |
| "table_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "transact_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "email" : { | |
| "properties" : { | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trans_from" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trans_to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "endpoint" : { | |
| "properties" : { | |
| "host_state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "registry_key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "registry_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "file" : { | |
| "properties" : { | |
| "attachment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "binary" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "directory_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "directory_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file_entropy" : { | |
| "type" : "double" | |
| }, | |
| "file_vendor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filename_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filename_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filename_tmp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filesystem" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "privilege" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "task_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "healthcare" : { | |
| "properties" : { | |
| "patient_fname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "patient_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "patient_lname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "patient_mname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "identity" : { | |
| "properties" : { | |
| "accesses" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "auth_method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dn_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dn_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "federated_idp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "federated_sp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "firstname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "host_role" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lastname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ldap" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ldap_query" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ldap_response" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "logon_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "logon_type_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "middlename" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "org" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "owner" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "password" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "profile" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "realm" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "service_account" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_dept" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_role" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_sid_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_sid_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "internal" : { | |
| "properties" : { | |
| "audit_class" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "data" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dead" : { | |
| "type" : "long" | |
| }, | |
| "device_class" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "device_group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "device_host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "device_ip" : { | |
| "type" : "ip" | |
| }, | |
| "device_ipv6" : { | |
| "type" : "ip" | |
| }, | |
| "device_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "device_type_id" : { | |
| "type" : "long" | |
| }, | |
| "did" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "entropy_req" : { | |
| "type" : "long" | |
| }, | |
| "entropy_res" : { | |
| "type" : "long" | |
| }, | |
| "entry" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "feed_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "feed_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "feed_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "forward_ip" : { | |
| "type" : "ip" | |
| }, | |
| "forward_ipv6" : { | |
| "type" : "ip" | |
| }, | |
| "hcode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "header_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "inode" : { | |
| "type" : "long" | |
| }, | |
| "lc_cid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lc_ctime" : { | |
| "type" : "date" | |
| }, | |
| "level" : { | |
| "type" : "long" | |
| }, | |
| "mcb_req" : { | |
| "type" : "long" | |
| }, | |
| "mcb_res" : { | |
| "type" : "long" | |
| }, | |
| "mcbc_req" : { | |
| "type" : "long" | |
| }, | |
| "mcbc_res" : { | |
| "type" : "long" | |
| }, | |
| "medium" : { | |
| "type" : "long" | |
| }, | |
| "message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "messageid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msg_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msg_vid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "node_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nwe_callback_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "obj_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "obj_server" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "obj_val" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parse_error" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "payload_req" : { | |
| "type" : "long" | |
| }, | |
| "payload_res" : { | |
| "type" : "long" | |
| }, | |
| "process_vid_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "process_vid_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resource" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resource_class" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rid" : { | |
| "type" : "long" | |
| }, | |
| "session_split" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "site" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "size" : { | |
| "type" : "long" | |
| }, | |
| "sourcefile" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "statement" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "time" : { | |
| "type" : "date" | |
| }, | |
| "ubc_req" : { | |
| "type" : "long" | |
| }, | |
| "ubc_res" : { | |
| "type" : "long" | |
| }, | |
| "word" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "investigations" : { | |
| "properties" : { | |
| "analysis_file" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "analysis_service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "analysis_session" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "boc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ec_activity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ec_outcome" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ec_subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ec_theme" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eoc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_cat" : { | |
| "type" : "long" | |
| }, | |
| "event_cat_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_vcat" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "inv_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "inv_context" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ioc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "misc" : { | |
| "properties" : { | |
| "OS" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "acl_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "acl_op" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "acl_pos" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "acl_table" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "admin" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "agent_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "alarm_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "alarmname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "alert_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "audit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "audit_object" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "auditdata" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "autorun_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "benchmark" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bypass" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cache" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cache_hit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cc_number" : { | |
| "type" : "long" | |
| }, | |
| "cefversion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cfg_attr" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cfg_obj" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cfg_path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "change_attrib" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "change_new" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "change_old" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "changes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "checksum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "checksum_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "checksum_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client_ip" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "clustermembers" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cmd" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_acttimeout" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_asn_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_bgpv4nxthop" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_ctr_dst_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_dst_tos" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_dst_vlan" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_engine_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_engine_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_f_switch" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_flowsampid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_flowsampintv" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_flowsampmode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_inacttimeout" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_inpermbyts" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_inpermpckts" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_invalid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_ip_proto_ver" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_ipv4_ident" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_l_switch" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_log_did" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_log_rid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_max_ttl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_maxpcktlen" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_min_ttl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_minpcktlen" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mpls_lbl_1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mpls_lbl_10" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mpls_lbl_2" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mpls_lbl_3" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mpls_lbl_4" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mpls_lbl_5" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mpls_lbl_6" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mpls_lbl_7" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mpls_lbl_8" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mpls_lbl_9" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mplstoplabel" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mplstoplabip" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mul_dst_byt" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_mul_dst_pks" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_muligmptype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_sampalgo" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_sampint" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_seqctr" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_spackets" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_src_tos" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_src_vlan" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_sysuptime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_template_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_totbytsexp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_totflowexp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_totpcktsexp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_unixnanosecs" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_v6flowlabel" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_v6optheaders" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "command" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "comments" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "comp_class" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "comp_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "comp_rbytes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "comp_sbytes" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "comp_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "connection_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "content" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "content_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "content_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "context" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "context_subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "context_target" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "count" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cpu" : { | |
| "type" : "long" | |
| }, | |
| "cpu_data" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "criticality" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_agency_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_analyzedby" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_av_other" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_av_primary" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_av_secondary" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_bgpv6nxthop" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_bit9status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_context" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_control" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_data" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_datecret" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_dst_tld" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_eth_dst_ven" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_eth_src_ven" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_event_uuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_filetype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_fld" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_if_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_if_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_ip_next_hop" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_ipv4dstpre" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_ipv4srcpre" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_lifetime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_log_medium" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_loginname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_modulescore" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_modulesign" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_opswatresult" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_payload" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_registrant" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_registrar" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_represult" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_rpayload" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_sampler_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_sourcemodule" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_streams" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_targetmodule" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_v6nxthop" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_whois_server" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cs_yararesult" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cve" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "data_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "device_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "devvendor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "disposition" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "distance" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "doc_number" : { | |
| "type" : "long" | |
| }, | |
| "dstburb" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "edomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "edomaub" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ein_number" : { | |
| "type" : "long" | |
| }, | |
| "error" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "euid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_computer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_log" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_source" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "event_user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "expected_val" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "facility" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "facilityname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fcatnum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filter" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "finterface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "flags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "forensic_info" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "found" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fresult" : { | |
| "type" : "long" | |
| }, | |
| "gaddr" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "group_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "group_object" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hardware_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id3" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "im_buddyid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "im_buddyname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "im_client" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "im_croomid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "im_croomtype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "im_members" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "im_userid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "im_username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "index" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "inout" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipkt" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipscat" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipspri" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "job_num" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "jobname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "language" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "latitude" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "library" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lifetime" : { | |
| "type" : "long" | |
| }, | |
| "linenum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "link" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "list_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "listnum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "load_data" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "location_floor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "location_mark" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_session_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_session_id1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "logid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "logip" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "logname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "longitude" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lport" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mail_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "match" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mbug_data" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message_body" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "misc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "misc_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msgIdPart1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msgIdPart2" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msgIdPart3" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msgIdPart4" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msg_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msgid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "netsessid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "node" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ntype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "num" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "number" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "number1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "number2" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nwwn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "obj_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "obj_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "object" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "observed_val" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operation" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operation_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "opkt" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "orig_from" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "owner_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_filter" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_group_object" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_msgid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_msgid1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_msgid2" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_result1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "param" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "param_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "param_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "parent_node" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "password_chg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "password_expire" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "payload_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "payload_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "permgranted" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "permwanted" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pgid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "phone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policyUUID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policy_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policy_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policy_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policy_waiver" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pool_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pool_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "port_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "priority" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "process_id_val" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "prog_asp_num" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "program" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "real_data" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rec_asp_device" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rec_asp_num" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rec_library" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "recordnum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reference_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reference_id1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reference_id2" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "result" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "result_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "risk" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "risk_info" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "risk_num" : { | |
| "type" : "double" | |
| }, | |
| "risk_num_comm" : { | |
| "type" : "double" | |
| }, | |
| "risk_num_next" : { | |
| "type" : "double" | |
| }, | |
| "risk_num_sand" : { | |
| "type" : "double" | |
| }, | |
| "risk_num_static" : { | |
| "type" : "double" | |
| }, | |
| "risk_suspicious" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "risk_warning" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ruid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rule" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rule_group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rule_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rule_template" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rule_uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sburb" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sdomain_fld" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "search_text" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sec" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "second" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sensor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sensorname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "seqnum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serial_number" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "session" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sessiontype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "severity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sigUUID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sig_id" : { | |
| "type" : "long" | |
| }, | |
| "sig_id1" : { | |
| "type" : "long" | |
| }, | |
| "sig_id_str" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sig_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sigcat" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "snmp_oid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "snmp_value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "space" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "space1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "spi" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "spi_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "spi_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sql" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srcburb" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srcdom" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srcservice" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "streams" : { | |
| "type" : "long" | |
| }, | |
| "subcategory" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "svcno" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "system" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tbdstr1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tbdstr2" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tcp_flags" : { | |
| "type" : "long" | |
| }, | |
| "terminal" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tgtdom" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tgtdomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threshold" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tos" : { | |
| "type" : "long" | |
| }, | |
| "trigger_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trigger_val" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "udb_class" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "url_fld" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_div" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "username_fld" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "utcstamp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "v_instafname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "virt_data" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "virusname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vm_target" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vpnid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vsys" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vuln_ref" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "workspace" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "network" : { | |
| "properties" : { | |
| "ad_computer_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "addr" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "alias_host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dinterface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dmask" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dns_a_record" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dns_cname_record" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dns_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dns_opcode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dns_ptr_record" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dns_resp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dns_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "domain1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eth_host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eth_type" : { | |
| "type" : "long" | |
| }, | |
| "faddr" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fhost" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fport" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "gateway" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "host_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "host_orig" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "host_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icmp_code" : { | |
| "type" : "long" | |
| }, | |
| "icmp_type" : { | |
| "type" : "long" | |
| }, | |
| "interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ip_proto" : { | |
| "type" : "long" | |
| }, | |
| "laddr" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lhost" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "linterface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mask" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "netname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "network_port" : { | |
| "type" : "long" | |
| }, | |
| "network_service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "origin" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "packet_length" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "paddr" : { | |
| "type" : "ip" | |
| }, | |
| "phost" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| }, | |
| "protocol_detail" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "remote_domain_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rpayload" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sinterface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "smask" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vlan" : { | |
| "type" : "long" | |
| }, | |
| "vlan_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "zone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "zone_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "zone_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "physical" : { | |
| "properties" : { | |
| "org_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "org_src" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "storage" : { | |
| "properties" : { | |
| "disk_volume" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "lun" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pwwn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "threat" : { | |
| "properties" : { | |
| "alert" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threat_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threat_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threat_source" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "time" : { | |
| "properties" : { | |
| "date" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "datetime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "day" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "duration_str" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "duration_time" : { | |
| "type" : "double" | |
| }, | |
| "effective_time" : { | |
| "type" : "date" | |
| }, | |
| "endtime" : { | |
| "type" : "date" | |
| }, | |
| "event_queue_time" : { | |
| "type" : "date" | |
| }, | |
| "event_time" : { | |
| "type" : "date" | |
| }, | |
| "event_time_str" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventtime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "expire_time" : { | |
| "type" : "date" | |
| }, | |
| "expire_time_str" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "gmtdate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "gmttime" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hour" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "min" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "month" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_date" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_month" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_time1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_time2" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_year" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "process_time" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "recorded_time" : { | |
| "type" : "date" | |
| }, | |
| "stamp" : { | |
| "type" : "date" | |
| }, | |
| "starttime" : { | |
| "type" : "date" | |
| }, | |
| "timestamp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "timezone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tzone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "year" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "web" : { | |
| "properties" : { | |
| "alias_host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_asn_dst" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cn_rpackets" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fqdn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_url" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_user_agent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_web_cookie" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_web_method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "p_web_referer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "remote_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reputation_num" : { | |
| "type" : "double" | |
| }, | |
| "urlpage" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "urlroot" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "web_cookie" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "web_extension_tmp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "web_page" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "web_ref_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "web_ref_page" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "web_ref_query" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "web_ref_root" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "wireless" : { | |
| "properties" : { | |
| "access_point" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "wlan_channel" : { | |
| "type" : "long" | |
| }, | |
| "wlan_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "wlan_ssid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "rule" : { | |
| "properties" : { | |
| "author" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "license" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ruleset" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "uuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "samlProvider" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "santa" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certificate" : { | |
| "properties" : { | |
| "common_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha256" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "decision" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "disk" : { | |
| "properties" : { | |
| "bsdname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "bus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fs" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "model" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mount" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "serial" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "volume" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "mode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "server" : { | |
| "properties" : { | |
| "address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "as" : { | |
| "properties" : { | |
| "number" : { | |
| "type" : "long" | |
| }, | |
| "organization" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "bytes" : { | |
| "type" : "long" | |
| }, | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "geo" : { | |
| "properties" : { | |
| "city_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "continent_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "location" : { | |
| "type" : "geo_point" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "mac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat" : { | |
| "properties" : { | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "packets" : { | |
| "type" : "long" | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| }, | |
| "registered_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "top_level_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "full_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "group" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "service" : { | |
| "properties" : { | |
| "ephemeral_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "node" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "serviceEventDetails" : { | |
| "properties" : { | |
| "ESMDisableReason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "snapshotId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "sessionCredentialFromConsole" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sharedEventID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "signalStatus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sophos" : { | |
| "properties" : { | |
| "xg" : { | |
| "properties" : { | |
| "Configuration" : { | |
| "type" : "float" | |
| }, | |
| "FTP_direction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "FTP_url" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Mode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "PHPSESSID" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Reports" : { | |
| "type" : "float" | |
| }, | |
| "Signature" : { | |
| "type" : "float" | |
| }, | |
| "SysLog_SERVER_NAME" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "Temp" : { | |
| "type" : "float" | |
| }, | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "activityname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ap" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_is_cloud" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "appfilter_policy_id" : { | |
| "type" : "long" | |
| }, | |
| "application" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "application_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "application_filter_policy" : { | |
| "type" : "long" | |
| }, | |
| "application_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "application_risk" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "application_technology" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "appresolvedby" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "auth_client" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "auth_mechanism" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "av_policy_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "backup_mode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "branch_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "category_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "classification" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client_host_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client_physical_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "clients_conn_ssid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "collisions" : { | |
| "type" : "long" | |
| }, | |
| "con_id" : { | |
| "type" : "long" | |
| }, | |
| "conn_id" : { | |
| "type" : "long" | |
| }, | |
| "connectionname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "connectiontype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "connevent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "connid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "contenttype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "context_match" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "context_prefix" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "context_suffix" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cookie" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "date" : { | |
| "type" : "date" | |
| }, | |
| "destinationip" : { | |
| "type" : "ip" | |
| }, | |
| "device" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "device_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "device_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dictionary_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dir_disp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "direction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "domainname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "download_file_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "download_file_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dst_country_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dst_domainname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dst_ip" : { | |
| "type" : "ip" | |
| }, | |
| "dst_port" : { | |
| "type" : "long" | |
| }, | |
| "dstdomain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstzone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dstzonetype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "duration" : { | |
| "type" : "long" | |
| }, | |
| "email_subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ep_uuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "eventtime" : { | |
| "type" : "date" | |
| }, | |
| "eventtype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "exceptions" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "execution_path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "extra" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file_path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file_size" : { | |
| "type" : "long" | |
| }, | |
| "filename" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filepath" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filesize" : { | |
| "type" : "long" | |
| }, | |
| "free" : { | |
| "type" : "long" | |
| }, | |
| "from_email_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ftpcommand" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fw_rule_id" : { | |
| "type" : "long" | |
| }, | |
| "hb_health" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "httpresponsecode" : { | |
| "type" : "long" | |
| }, | |
| "iap" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icmp_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icmp_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "idle_cpu" : { | |
| "type" : "float" | |
| }, | |
| "idp_policy_id" : { | |
| "type" : "long" | |
| }, | |
| "idp_policy_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "in_interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ipaddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ips_policy_id" : { | |
| "type" : "long" | |
| }, | |
| "localgateway" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "localnetwork" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_component" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_subtype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "login_user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mailid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mailsize" : { | |
| "type" : "long" | |
| }, | |
| "message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "newversion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "oldversion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "out_interface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "override_authorizer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "override_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "override_token" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "platform" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "policy_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "priority" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quarantine" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "quarantine_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "querystring" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "raw_data" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "received_pkts" : { | |
| "type" : "long" | |
| }, | |
| "receiveddrops" : { | |
| "type" : "long" | |
| }, | |
| "receivederrors" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "receivedkbits" : { | |
| "type" : "long" | |
| }, | |
| "recv_bytes" : { | |
| "type" : "long" | |
| }, | |
| "red_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "referer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "remote_ip" : { | |
| "type" : "ip" | |
| }, | |
| "remotenetwork" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "responsetime" : { | |
| "type" : "long" | |
| }, | |
| "rule_priority" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sent_bytes" : { | |
| "type" : "long" | |
| }, | |
| "sent_pkts" : { | |
| "type" : "long" | |
| }, | |
| "server" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sessionid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha1sum" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "signature_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "signature_msg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "site_category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sourceip" : { | |
| "type" : "ip" | |
| }, | |
| "spamaction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "src_country_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "src_domainname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "src_ip" : { | |
| "type" : "ip" | |
| }, | |
| "src_mac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "src_port" : { | |
| "type" : "long" | |
| }, | |
| "srczone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "srczonetype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ssid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "start_time" : { | |
| "type" : "date" | |
| }, | |
| "starttime" : { | |
| "type" : "date" | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "system_cpu" : { | |
| "type" : "float" | |
| }, | |
| "target" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threatname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "timestamp" : { | |
| "type" : "date" | |
| }, | |
| "timezone" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "to_email_address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "total_memory" : { | |
| "type" : "long" | |
| }, | |
| "trans_dst_ip" : { | |
| "type" : "ip" | |
| }, | |
| "trans_dst_port" : { | |
| "type" : "long" | |
| }, | |
| "trans_src_ ip" : { | |
| "type" : "ip" | |
| }, | |
| "trans_src_port" : { | |
| "type" : "long" | |
| }, | |
| "transaction_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "transactionid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "transmitteddrops" : { | |
| "type" : "long" | |
| }, | |
| "transmittederrors" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "transmittedkbits" : { | |
| "type" : "long" | |
| }, | |
| "unit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "updatedip" : { | |
| "type" : "ip" | |
| }, | |
| "upload_file_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "upload_file_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "url" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "used" : { | |
| "type" : "long" | |
| }, | |
| "user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_cpu" : { | |
| "type" : "float" | |
| }, | |
| "user_gp" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_group" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "users" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vconn_id" : { | |
| "type" : "long" | |
| }, | |
| "virus" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "website" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "source" : { | |
| "properties" : { | |
| "address" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "as" : { | |
| "properties" : { | |
| "number" : { | |
| "type" : "long" | |
| }, | |
| "organization" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "bytes" : { | |
| "type" : "long" | |
| }, | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "geo" : { | |
| "properties" : { | |
| "city_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "continent_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "location" : { | |
| "type" : "geo_point" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_iso_code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "region_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "mac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nat" : { | |
| "properties" : { | |
| "ip" : { | |
| "type" : "ip" | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "packets" : { | |
| "type" : "long" | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| }, | |
| "registered_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "service" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "top_level_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "full_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "group" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "sourceIPAddress" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stream" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "suricata" : { | |
| "properties" : { | |
| "eve" : { | |
| "properties" : { | |
| "alert" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "alias", | |
| "path" : "event.outcome" | |
| }, | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "gid" : { | |
| "type" : "long" | |
| }, | |
| "rev" : { | |
| "type" : "long" | |
| }, | |
| "severity" : { | |
| "type" : "alias", | |
| "path" : "event.severity" | |
| }, | |
| "signature" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "signature_id" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "app_proto" : { | |
| "type" : "alias", | |
| "path" : "network.protocol" | |
| }, | |
| "app_proto_expected" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_proto_orig" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_proto_tc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "app_proto_ts" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dest_ip" : { | |
| "type" : "alias", | |
| "path" : "destination.ip" | |
| }, | |
| "dest_port" : { | |
| "type" : "alias", | |
| "path" : "destination.port" | |
| }, | |
| "dns" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "long" | |
| }, | |
| "rcode" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rdata" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rrname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rrtype" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ttl" : { | |
| "type" : "long" | |
| }, | |
| "tx_id" : { | |
| "type" : "long" | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "email" : { | |
| "properties" : { | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "event_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fileinfo" : { | |
| "properties" : { | |
| "filename" : { | |
| "type" : "alias", | |
| "path" : "file.path" | |
| }, | |
| "gaps" : { | |
| "type" : "boolean" | |
| }, | |
| "md5" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha256" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "size" : { | |
| "type" : "alias", | |
| "path" : "file.size" | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "stored" : { | |
| "type" : "boolean" | |
| }, | |
| "tx_id" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "flags" : { | |
| "type" : "object" | |
| }, | |
| "flow" : { | |
| "properties" : { | |
| "age" : { | |
| "type" : "long" | |
| }, | |
| "alerted" : { | |
| "type" : "boolean" | |
| }, | |
| "bytes_toclient" : { | |
| "type" : "alias", | |
| "path" : "destination.bytes" | |
| }, | |
| "bytes_toserver" : { | |
| "type" : "alias", | |
| "path" : "source.bytes" | |
| }, | |
| "end" : { | |
| "type" : "date" | |
| }, | |
| "pkts_toclient" : { | |
| "type" : "alias", | |
| "path" : "destination.packets" | |
| }, | |
| "pkts_toserver" : { | |
| "type" : "alias", | |
| "path" : "source.packets" | |
| }, | |
| "reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "start" : { | |
| "type" : "alias", | |
| "path" : "event.start" | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "flow_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "http" : { | |
| "properties" : { | |
| "hostname" : { | |
| "type" : "alias", | |
| "path" : "url.domain" | |
| }, | |
| "http_content_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "http_method" : { | |
| "type" : "alias", | |
| "path" : "http.request.method" | |
| }, | |
| "http_refer" : { | |
| "type" : "alias", | |
| "path" : "http.request.referrer" | |
| }, | |
| "http_user_agent" : { | |
| "type" : "alias", | |
| "path" : "user_agent.original" | |
| }, | |
| "length" : { | |
| "type" : "alias", | |
| "path" : "http.response.body.bytes" | |
| }, | |
| "protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "redirect" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "alias", | |
| "path" : "http.response.status_code" | |
| }, | |
| "url" : { | |
| "type" : "alias", | |
| "path" : "url.original" | |
| } | |
| } | |
| }, | |
| "icmp_code" : { | |
| "type" : "long" | |
| }, | |
| "icmp_type" : { | |
| "type" : "long" | |
| }, | |
| "in_iface" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pcap_cnt" : { | |
| "type" : "long" | |
| }, | |
| "proto" : { | |
| "type" : "alias", | |
| "path" : "network.transport" | |
| }, | |
| "smtp" : { | |
| "properties" : { | |
| "helo" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mail_from" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rcpt_to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "src_ip" : { | |
| "type" : "alias", | |
| "path" : "source.ip" | |
| }, | |
| "src_port" : { | |
| "type" : "alias", | |
| "path" : "source.port" | |
| }, | |
| "ssh" : { | |
| "properties" : { | |
| "client" : { | |
| "properties" : { | |
| "proto_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "software_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "server" : { | |
| "properties" : { | |
| "proto_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "software_version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "stats" : { | |
| "properties" : { | |
| "app_layer" : { | |
| "properties" : { | |
| "flow" : { | |
| "properties" : { | |
| "dcerpc_tcp" : { | |
| "type" : "long" | |
| }, | |
| "dcerpc_udp" : { | |
| "type" : "long" | |
| }, | |
| "dns_tcp" : { | |
| "type" : "long" | |
| }, | |
| "dns_udp" : { | |
| "type" : "long" | |
| }, | |
| "failed_tcp" : { | |
| "type" : "long" | |
| }, | |
| "failed_udp" : { | |
| "type" : "long" | |
| }, | |
| "ftp" : { | |
| "type" : "long" | |
| }, | |
| "http" : { | |
| "type" : "long" | |
| }, | |
| "imap" : { | |
| "type" : "long" | |
| }, | |
| "msn" : { | |
| "type" : "long" | |
| }, | |
| "smb" : { | |
| "type" : "long" | |
| }, | |
| "smtp" : { | |
| "type" : "long" | |
| }, | |
| "ssh" : { | |
| "type" : "long" | |
| }, | |
| "tls" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tx" : { | |
| "properties" : { | |
| "dcerpc_tcp" : { | |
| "type" : "long" | |
| }, | |
| "dcerpc_udp" : { | |
| "type" : "long" | |
| }, | |
| "dns_tcp" : { | |
| "type" : "long" | |
| }, | |
| "dns_udp" : { | |
| "type" : "long" | |
| }, | |
| "ftp" : { | |
| "type" : "long" | |
| }, | |
| "http" : { | |
| "type" : "long" | |
| }, | |
| "smb" : { | |
| "type" : "long" | |
| }, | |
| "smtp" : { | |
| "type" : "long" | |
| }, | |
| "ssh" : { | |
| "type" : "long" | |
| }, | |
| "tls" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "capture" : { | |
| "properties" : { | |
| "kernel_drops" : { | |
| "type" : "long" | |
| }, | |
| "kernel_ifdrops" : { | |
| "type" : "long" | |
| }, | |
| "kernel_packets" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "decoder" : { | |
| "properties" : { | |
| "avg_pkt_size" : { | |
| "type" : "long" | |
| }, | |
| "bytes" : { | |
| "type" : "long" | |
| }, | |
| "dce" : { | |
| "properties" : { | |
| "pkt_too_small" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "erspan" : { | |
| "type" : "long" | |
| }, | |
| "ethernet" : { | |
| "type" : "long" | |
| }, | |
| "gre" : { | |
| "type" : "long" | |
| }, | |
| "icmpv4" : { | |
| "type" : "long" | |
| }, | |
| "icmpv6" : { | |
| "type" : "long" | |
| }, | |
| "ieee8021ah" : { | |
| "type" : "long" | |
| }, | |
| "invalid" : { | |
| "type" : "long" | |
| }, | |
| "ipraw" : { | |
| "properties" : { | |
| "invalid_ip_version" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "ipv4" : { | |
| "type" : "long" | |
| }, | |
| "ipv4_in_ipv6" : { | |
| "type" : "long" | |
| }, | |
| "ipv6" : { | |
| "type" : "long" | |
| }, | |
| "ipv6_in_ipv6" : { | |
| "type" : "long" | |
| }, | |
| "ltnull" : { | |
| "properties" : { | |
| "pkt_too_small" : { | |
| "type" : "long" | |
| }, | |
| "unsupported_type" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "max_pkt_size" : { | |
| "type" : "long" | |
| }, | |
| "mpls" : { | |
| "type" : "long" | |
| }, | |
| "null" : { | |
| "type" : "long" | |
| }, | |
| "pkts" : { | |
| "type" : "long" | |
| }, | |
| "ppp" : { | |
| "type" : "long" | |
| }, | |
| "pppoe" : { | |
| "type" : "long" | |
| }, | |
| "raw" : { | |
| "type" : "long" | |
| }, | |
| "sctp" : { | |
| "type" : "long" | |
| }, | |
| "sll" : { | |
| "type" : "long" | |
| }, | |
| "tcp" : { | |
| "type" : "long" | |
| }, | |
| "teredo" : { | |
| "type" : "long" | |
| }, | |
| "udp" : { | |
| "type" : "long" | |
| }, | |
| "vlan" : { | |
| "type" : "long" | |
| }, | |
| "vlan_qinq" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "defrag" : { | |
| "properties" : { | |
| "ipv4" : { | |
| "properties" : { | |
| "fragments" : { | |
| "type" : "long" | |
| }, | |
| "reassembled" : { | |
| "type" : "long" | |
| }, | |
| "timeouts" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "ipv6" : { | |
| "properties" : { | |
| "fragments" : { | |
| "type" : "long" | |
| }, | |
| "reassembled" : { | |
| "type" : "long" | |
| }, | |
| "timeouts" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "max_frag_hits" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "detect" : { | |
| "properties" : { | |
| "alert" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "dns" : { | |
| "properties" : { | |
| "memcap_global" : { | |
| "type" : "long" | |
| }, | |
| "memcap_state" : { | |
| "type" : "long" | |
| }, | |
| "memuse" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "file_store" : { | |
| "properties" : { | |
| "open_files" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "flow" : { | |
| "properties" : { | |
| "emerg_mode_entered" : { | |
| "type" : "long" | |
| }, | |
| "emerg_mode_over" : { | |
| "type" : "long" | |
| }, | |
| "icmpv4" : { | |
| "type" : "long" | |
| }, | |
| "icmpv6" : { | |
| "type" : "long" | |
| }, | |
| "memcap" : { | |
| "type" : "long" | |
| }, | |
| "memuse" : { | |
| "type" : "long" | |
| }, | |
| "spare" : { | |
| "type" : "long" | |
| }, | |
| "tcp" : { | |
| "type" : "long" | |
| }, | |
| "tcp_reuse" : { | |
| "type" : "long" | |
| }, | |
| "udp" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "flow_mgr" : { | |
| "properties" : { | |
| "bypassed_pruned" : { | |
| "type" : "long" | |
| }, | |
| "closed_pruned" : { | |
| "type" : "long" | |
| }, | |
| "est_pruned" : { | |
| "type" : "long" | |
| }, | |
| "flows_checked" : { | |
| "type" : "long" | |
| }, | |
| "flows_notimeout" : { | |
| "type" : "long" | |
| }, | |
| "flows_removed" : { | |
| "type" : "long" | |
| }, | |
| "flows_timeout" : { | |
| "type" : "long" | |
| }, | |
| "flows_timeout_inuse" : { | |
| "type" : "long" | |
| }, | |
| "new_pruned" : { | |
| "type" : "long" | |
| }, | |
| "rows_busy" : { | |
| "type" : "long" | |
| }, | |
| "rows_checked" : { | |
| "type" : "long" | |
| }, | |
| "rows_empty" : { | |
| "type" : "long" | |
| }, | |
| "rows_maxlen" : { | |
| "type" : "long" | |
| }, | |
| "rows_skipped" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "http" : { | |
| "properties" : { | |
| "memcap" : { | |
| "type" : "long" | |
| }, | |
| "memuse" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tcp" : { | |
| "properties" : { | |
| "insert_data_normal_fail" : { | |
| "type" : "long" | |
| }, | |
| "insert_data_overlap_fail" : { | |
| "type" : "long" | |
| }, | |
| "insert_list_fail" : { | |
| "type" : "long" | |
| }, | |
| "invalid_checksum" : { | |
| "type" : "long" | |
| }, | |
| "memuse" : { | |
| "type" : "long" | |
| }, | |
| "no_flow" : { | |
| "type" : "long" | |
| }, | |
| "overlap" : { | |
| "type" : "long" | |
| }, | |
| "overlap_diff_data" : { | |
| "type" : "long" | |
| }, | |
| "pseudo" : { | |
| "type" : "long" | |
| }, | |
| "pseudo_failed" : { | |
| "type" : "long" | |
| }, | |
| "reassembly_gap" : { | |
| "type" : "long" | |
| }, | |
| "reassembly_memuse" : { | |
| "type" : "long" | |
| }, | |
| "rst" : { | |
| "type" : "long" | |
| }, | |
| "segment_memcap_drop" : { | |
| "type" : "long" | |
| }, | |
| "sessions" : { | |
| "type" : "long" | |
| }, | |
| "ssn_memcap_drop" : { | |
| "type" : "long" | |
| }, | |
| "stream_depth_reached" : { | |
| "type" : "long" | |
| }, | |
| "syn" : { | |
| "type" : "long" | |
| }, | |
| "synack" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "uptime" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tcp" : { | |
| "properties" : { | |
| "ack" : { | |
| "type" : "boolean" | |
| }, | |
| "fin" : { | |
| "type" : "boolean" | |
| }, | |
| "psh" : { | |
| "type" : "boolean" | |
| }, | |
| "rst" : { | |
| "type" : "boolean" | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "syn" : { | |
| "type" : "boolean" | |
| }, | |
| "tcp_flags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tcp_flags_tc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tcp_flags_ts" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "timestamp" : { | |
| "type" : "alias", | |
| "path" : "@timestamp" | |
| }, | |
| "tls" : { | |
| "properties" : { | |
| "fingerprint" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "issuerdn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ja3" : { | |
| "properties" : { | |
| "hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "string" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ja3s" : { | |
| "properties" : { | |
| "hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "string" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "notafter" : { | |
| "type" : "date" | |
| }, | |
| "notbefore" : { | |
| "type" : "date" | |
| }, | |
| "serial" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "session_resumed" : { | |
| "type" : "boolean" | |
| }, | |
| "sni" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tx_id" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "syslog" : { | |
| "properties" : { | |
| "facility" : { | |
| "type" : "long" | |
| }, | |
| "facility_label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "priority" : { | |
| "type" : "long" | |
| }, | |
| "severity_label" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "system" : { | |
| "properties" : { | |
| "auth" : { | |
| "properties" : { | |
| "groupadd" : { | |
| "type" : "object" | |
| }, | |
| "ssh" : { | |
| "properties" : { | |
| "dropped_ip" : { | |
| "type" : "ip" | |
| }, | |
| "event" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "geoip" : { | |
| "type" : "object" | |
| }, | |
| "method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "signature" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "sudo" : { | |
| "properties" : { | |
| "command" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "error" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pwd" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tty" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "useradd" : { | |
| "properties" : { | |
| "home" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "shell" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "syslog" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "tags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "threat" : { | |
| "properties" : { | |
| "framework" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tactic" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "technique" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "reference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "timeseries" : { | |
| "properties" : { | |
| "instance" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tls" : { | |
| "properties" : { | |
| "cipher" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client" : { | |
| "properties" : { | |
| "certificate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certificate_chain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hash" : { | |
| "properties" : { | |
| "md5" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha256" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "issuer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ja3" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "not_after" : { | |
| "type" : "date" | |
| }, | |
| "not_before" : { | |
| "type" : "date" | |
| }, | |
| "server_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "supported_ciphers" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "curve" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "established" : { | |
| "type" : "boolean" | |
| }, | |
| "next_protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resumed" : { | |
| "type" : "boolean" | |
| }, | |
| "server" : { | |
| "properties" : { | |
| "certificate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "certificate_chain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hash" : { | |
| "properties" : { | |
| "md5" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha256" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "issuer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ja3s" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "not_after" : { | |
| "type" : "date" | |
| }, | |
| "not_before" : { | |
| "type" : "date" | |
| }, | |
| "subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version_protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tlsDetails" : { | |
| "properties" : { | |
| "cipherSuite" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "clientProvidedHostHeader" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tlsVersion" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tracing" : { | |
| "properties" : { | |
| "trace" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "transaction" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "traefik" : { | |
| "properties" : { | |
| "access" : { | |
| "properties" : { | |
| "backend_url" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "frontend_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "geoip" : { | |
| "properties" : { | |
| "city_name" : { | |
| "type" : "alias", | |
| "path" : "source.geo.city_name" | |
| }, | |
| "continent_name" : { | |
| "type" : "alias", | |
| "path" : "source.geo.continent_name" | |
| }, | |
| "country_iso_code" : { | |
| "type" : "alias", | |
| "path" : "source.geo.country_iso_code" | |
| }, | |
| "location" : { | |
| "type" : "alias", | |
| "path" : "source.geo.location" | |
| }, | |
| "region_iso_code" : { | |
| "type" : "alias", | |
| "path" : "source.geo.region_iso_code" | |
| }, | |
| "region_name" : { | |
| "type" : "alias", | |
| "path" : "source.geo.region_name" | |
| } | |
| } | |
| }, | |
| "request_count" : { | |
| "type" : "long" | |
| }, | |
| "user_agent" : { | |
| "properties" : { | |
| "device" : { | |
| "type" : "alias", | |
| "path" : "user_agent.device.name" | |
| }, | |
| "name" : { | |
| "type" : "alias", | |
| "path" : "user_agent.name" | |
| }, | |
| "original" : { | |
| "type" : "alias", | |
| "path" : "user_agent.original" | |
| }, | |
| "os" : { | |
| "type" : "alias", | |
| "path" : "user_agent.os.full_name" | |
| }, | |
| "os_name" : { | |
| "type" : "alias", | |
| "path" : "user_agent.os.name" | |
| } | |
| } | |
| }, | |
| "user_identifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "url" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "extension" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fragment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "full" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "original" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "password" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| }, | |
| "query" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "registered_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scheme" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "top_level_domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "user" : { | |
| "properties" : { | |
| "audit" : { | |
| "properties" : { | |
| "group" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "effective" : { | |
| "properties" : { | |
| "group" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "email" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "filesystem" : { | |
| "properties" : { | |
| "group" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "full_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "group" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "hash" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "owner" : { | |
| "properties" : { | |
| "group" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "saved" : { | |
| "properties" : { | |
| "group" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "terminal" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "userAgent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userIdentity" : { | |
| "properties" : { | |
| "accessKeyId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "accountId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "identityProvider" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "invokedBy" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "principalId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sessionContext" : { | |
| "properties" : { | |
| "attributes" : { | |
| "properties" : { | |
| "creationDate" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mfaAuthenticated" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ec2RoleDelivery" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sessionIssuer" : { | |
| "properties" : { | |
| "accountId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "arn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "principalId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "webIdFederationData" : { | |
| "type" : "object" | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "userName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "userName" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_agent" : { | |
| "properties" : { | |
| "device" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "original" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "os" : { | |
| "properties" : { | |
| "family" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "full" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "full_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "kernel" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "platform" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vlan" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "vpcEndpointId" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vulnerability" : { | |
| "properties" : { | |
| "category" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "classification" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "description" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024, | |
| "fields" : { | |
| "text" : { | |
| "type" : "text", | |
| "norms" : false | |
| } | |
| } | |
| }, | |
| "enumeration" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reference" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "report_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "scanner" : { | |
| "properties" : { | |
| "vendor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "score" : { | |
| "properties" : { | |
| "base" : { | |
| "type" : "float" | |
| }, | |
| "environmental" : { | |
| "type" : "float" | |
| }, | |
| "temporal" : { | |
| "type" : "float" | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "severity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "zeek" : { | |
| "properties" : { | |
| "capture_loss" : { | |
| "properties" : { | |
| "acks" : { | |
| "type" : "long" | |
| }, | |
| "gaps" : { | |
| "type" : "long" | |
| }, | |
| "peer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "percent_lost" : { | |
| "type" : "double" | |
| }, | |
| "ts_delta" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "connection" : { | |
| "properties" : { | |
| "history" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icmp" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "long" | |
| }, | |
| "type" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "inner_vlan" : { | |
| "type" : "long" | |
| }, | |
| "local_orig" : { | |
| "type" : "boolean" | |
| }, | |
| "local_resp" : { | |
| "type" : "boolean" | |
| }, | |
| "missed_bytes" : { | |
| "type" : "long" | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state_message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "vlan" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "dce_rpc" : { | |
| "properties" : { | |
| "endpoint" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "named_pipe" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "operation" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rtt" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "dhcp" : { | |
| "properties" : { | |
| "address" : { | |
| "properties" : { | |
| "assigned" : { | |
| "type" : "ip" | |
| }, | |
| "client" : { | |
| "type" : "ip" | |
| }, | |
| "mac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "requested" : { | |
| "type" : "ip" | |
| }, | |
| "server" : { | |
| "type" : "ip" | |
| } | |
| } | |
| }, | |
| "client_fqdn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "duration" : { | |
| "type" : "double" | |
| }, | |
| "hostname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "id" : { | |
| "properties" : { | |
| "circuit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "remote_agent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subscriber" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "lease_time" : { | |
| "type" : "long" | |
| }, | |
| "msg" : { | |
| "properties" : { | |
| "client" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "origin" : { | |
| "type" : "ip" | |
| }, | |
| "server" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "types" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "software" : { | |
| "properties" : { | |
| "client" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "server" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "dnp3" : { | |
| "properties" : { | |
| "function" : { | |
| "properties" : { | |
| "reply" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "request" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "dns" : { | |
| "properties" : { | |
| "AA" : { | |
| "type" : "boolean" | |
| }, | |
| "RA" : { | |
| "type" : "boolean" | |
| }, | |
| "RD" : { | |
| "type" : "boolean" | |
| }, | |
| "TC" : { | |
| "type" : "boolean" | |
| }, | |
| "TTLs" : { | |
| "type" : "double" | |
| }, | |
| "answers" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "qclass" : { | |
| "type" : "long" | |
| }, | |
| "qclass_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "qtype" : { | |
| "type" : "long" | |
| }, | |
| "qtype_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "query" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rcode" : { | |
| "type" : "long" | |
| }, | |
| "rcode_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rejected" : { | |
| "type" : "boolean" | |
| }, | |
| "rtt" : { | |
| "type" : "double" | |
| }, | |
| "saw_query" : { | |
| "type" : "boolean" | |
| }, | |
| "saw_reply" : { | |
| "type" : "boolean" | |
| }, | |
| "total_answers" : { | |
| "type" : "long" | |
| }, | |
| "total_replies" : { | |
| "type" : "long" | |
| }, | |
| "trans_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "dpd" : { | |
| "properties" : { | |
| "analyzer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "failure_reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "packet_segment" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "files" : { | |
| "properties" : { | |
| "analyzers" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "depth" : { | |
| "type" : "long" | |
| }, | |
| "duration" : { | |
| "type" : "double" | |
| }, | |
| "entropy" : { | |
| "type" : "double" | |
| }, | |
| "extracted" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "extracted_cutoff" : { | |
| "type" : "boolean" | |
| }, | |
| "extracted_size" : { | |
| "type" : "long" | |
| }, | |
| "filename" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "is_orig" : { | |
| "type" : "boolean" | |
| }, | |
| "local_orig" : { | |
| "type" : "boolean" | |
| }, | |
| "md5" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mime_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "missing_bytes" : { | |
| "type" : "long" | |
| }, | |
| "overflow_bytes" : { | |
| "type" : "long" | |
| }, | |
| "parent_fuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rx_host" : { | |
| "type" : "ip" | |
| }, | |
| "seen_bytes" : { | |
| "type" : "long" | |
| }, | |
| "session_ids" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha1" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sha256" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "source" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "timedout" : { | |
| "type" : "boolean" | |
| }, | |
| "total_bytes" : { | |
| "type" : "long" | |
| }, | |
| "tx_host" : { | |
| "type" : "ip" | |
| } | |
| } | |
| }, | |
| "ftp" : { | |
| "properties" : { | |
| "arg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "capture_password" : { | |
| "type" : "boolean" | |
| }, | |
| "cmdarg" : { | |
| "properties" : { | |
| "arg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cmd" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "seq" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "command" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cwd" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "data_channel" : { | |
| "properties" : { | |
| "originating_host" : { | |
| "type" : "ip" | |
| }, | |
| "passive" : { | |
| "type" : "boolean" | |
| }, | |
| "response_host" : { | |
| "type" : "ip" | |
| }, | |
| "response_port" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "file" : { | |
| "properties" : { | |
| "fuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mime_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "size" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "last_auth_requested" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "passive" : { | |
| "type" : "boolean" | |
| }, | |
| "password" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "pending_commands" : { | |
| "type" : "long" | |
| }, | |
| "reply" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "long" | |
| }, | |
| "msg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "http" : { | |
| "properties" : { | |
| "captured_password" : { | |
| "type" : "boolean" | |
| }, | |
| "client_header_names" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "info_code" : { | |
| "type" : "long" | |
| }, | |
| "info_msg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "orig_filenames" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "orig_fuids" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "orig_mime_depth" : { | |
| "type" : "long" | |
| }, | |
| "orig_mime_types" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "password" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "proxied" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "range_request" : { | |
| "type" : "boolean" | |
| }, | |
| "resp_filenames" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resp_fuids" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resp_mime_depth" : { | |
| "type" : "long" | |
| }, | |
| "resp_mime_types" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "server_header_names" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status_msg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tags" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "trans_depth" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "intel" : { | |
| "properties" : { | |
| "file_desc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file_mime_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "matched" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "seen" : { | |
| "properties" : { | |
| "conn" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "f" : { | |
| "type" : "object" | |
| }, | |
| "fuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "indicator" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "indicator_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "node" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "where" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "sources" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "irc" : { | |
| "properties" : { | |
| "addl" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "command" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dcc" : { | |
| "properties" : { | |
| "file" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "size" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "mime_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "fuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "nick" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "kerberos" : { | |
| "properties" : { | |
| "cert" : { | |
| "properties" : { | |
| "client" : { | |
| "properties" : { | |
| "fuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "server" : { | |
| "properties" : { | |
| "fuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "value" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "cipher" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "error" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "long" | |
| }, | |
| "msg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "forwardable" : { | |
| "type" : "boolean" | |
| }, | |
| "renewable" : { | |
| "type" : "boolean" | |
| }, | |
| "request_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "success" : { | |
| "type" : "boolean" | |
| }, | |
| "ticket" : { | |
| "properties" : { | |
| "auth" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "new" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "valid" : { | |
| "properties" : { | |
| "days" : { | |
| "type" : "long" | |
| }, | |
| "from" : { | |
| "type" : "date" | |
| }, | |
| "until" : { | |
| "type" : "date" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "modbus" : { | |
| "properties" : { | |
| "exception" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "function" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "track_address" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "mysql" : { | |
| "properties" : { | |
| "arg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cmd" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "response" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "rows" : { | |
| "type" : "long" | |
| }, | |
| "success" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "notice" : { | |
| "properties" : { | |
| "actions" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "connection_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "dropped" : { | |
| "type" : "boolean" | |
| }, | |
| "email_body_sections" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "email_delay_tokens" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "false" : { | |
| "type" : "long" | |
| }, | |
| "ffile" : { | |
| "properties" : { | |
| "total_bytes" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "file" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "is_orig" : { | |
| "type" : "boolean" | |
| }, | |
| "mime_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "missing_bytes" : { | |
| "type" : "long" | |
| }, | |
| "overflow_bytes" : { | |
| "type" : "long" | |
| }, | |
| "parent_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "seen_bytes" : { | |
| "type" : "long" | |
| }, | |
| "source" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "fuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "icmp_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "identifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "note" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "peer_descr" : { | |
| "type" : "text", | |
| "norms" : false | |
| }, | |
| "peer_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sub" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "suppress_for" : { | |
| "type" : "double" | |
| } | |
| } | |
| }, | |
| "ntlm" : { | |
| "properties" : { | |
| "domain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hostname" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "server" : { | |
| "properties" : { | |
| "name" : { | |
| "properties" : { | |
| "dns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "netbios" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tree" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "success" : { | |
| "type" : "boolean" | |
| }, | |
| "username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "ocsp" : { | |
| "properties" : { | |
| "file_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "hash" : { | |
| "properties" : { | |
| "algorithm" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "issuer" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "revoke" : { | |
| "properties" : { | |
| "reason" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "time" : { | |
| "type" : "date" | |
| } | |
| } | |
| }, | |
| "serial_number" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "update" : { | |
| "properties" : { | |
| "next" : { | |
| "type" : "date" | |
| }, | |
| "this" : { | |
| "type" : "date" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "pe" : { | |
| "properties" : { | |
| "client" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "compile_time" : { | |
| "type" : "date" | |
| }, | |
| "has_cert_table" : { | |
| "type" : "boolean" | |
| }, | |
| "has_debug_data" : { | |
| "type" : "boolean" | |
| }, | |
| "has_export_table" : { | |
| "type" : "boolean" | |
| }, | |
| "has_import_table" : { | |
| "type" : "boolean" | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "is_64bit" : { | |
| "type" : "boolean" | |
| }, | |
| "is_exe" : { | |
| "type" : "boolean" | |
| }, | |
| "machine" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "os" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "section_names" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subsystem" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "uses_aslr" : { | |
| "type" : "boolean" | |
| }, | |
| "uses_code_integrity" : { | |
| "type" : "boolean" | |
| }, | |
| "uses_dep" : { | |
| "type" : "boolean" | |
| }, | |
| "uses_seh" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "radius" : { | |
| "properties" : { | |
| "connect_info" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "framed_addr" : { | |
| "type" : "ip" | |
| }, | |
| "logged" : { | |
| "type" : "boolean" | |
| }, | |
| "mac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "remote_ip" : { | |
| "type" : "ip" | |
| }, | |
| "reply_msg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "result" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ttl" : { | |
| "type" : "long" | |
| }, | |
| "username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "rdp" : { | |
| "properties" : { | |
| "cert" : { | |
| "properties" : { | |
| "count" : { | |
| "type" : "long" | |
| }, | |
| "permanent" : { | |
| "type" : "boolean" | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "client" : { | |
| "properties" : { | |
| "build" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "product_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "cookie" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "desktop" : { | |
| "properties" : { | |
| "color_depth" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "height" : { | |
| "type" : "long" | |
| }, | |
| "width" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "done" : { | |
| "type" : "boolean" | |
| }, | |
| "encryption" : { | |
| "properties" : { | |
| "level" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "keyboard_layout" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "result" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "security_protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "ssl" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "rfb" : { | |
| "properties" : { | |
| "auth" : { | |
| "properties" : { | |
| "method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "success" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "desktop_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "height" : { | |
| "type" : "long" | |
| }, | |
| "share_flag" : { | |
| "type" : "boolean" | |
| }, | |
| "version" : { | |
| "properties" : { | |
| "client" : { | |
| "properties" : { | |
| "major" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "minor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "server" : { | |
| "properties" : { | |
| "major" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "minor" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "width" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "session_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sip" : { | |
| "properties" : { | |
| "call_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "content_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "date" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reply_to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "request" : { | |
| "properties" : { | |
| "body_length" : { | |
| "type" : "long" | |
| }, | |
| "from" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "response" : { | |
| "properties" : { | |
| "body_length" : { | |
| "type" : "long" | |
| }, | |
| "from" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "sequence" : { | |
| "properties" : { | |
| "method" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "number" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "status" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "long" | |
| }, | |
| "msg" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "transaction_depth" : { | |
| "type" : "long" | |
| }, | |
| "uri" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user_agent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "warning" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "smb_cmd" : { | |
| "properties" : { | |
| "argument" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "command" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "file" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "host" : { | |
| "properties" : { | |
| "rx" : { | |
| "type" : "ip" | |
| }, | |
| "tx" : { | |
| "type" : "ip" | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "uid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "rtt" : { | |
| "type" : "double" | |
| }, | |
| "smb1_offered_dialects" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "smb2_offered_dialects" : { | |
| "type" : "long" | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "sub_command" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tree" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tree_service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "username" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "smb_files" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fid" : { | |
| "type" : "long" | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "previous_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "size" : { | |
| "type" : "long" | |
| }, | |
| "times" : { | |
| "properties" : { | |
| "accessed" : { | |
| "type" : "date" | |
| }, | |
| "changed" : { | |
| "type" : "date" | |
| }, | |
| "created" : { | |
| "type" : "date" | |
| }, | |
| "modified" : { | |
| "type" : "date" | |
| } | |
| } | |
| }, | |
| "uuid" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "smb_mapping" : { | |
| "properties" : { | |
| "native_file_system" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "service" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "share_type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "smtp" : { | |
| "properties" : { | |
| "cc" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "date" : { | |
| "type" : "date" | |
| }, | |
| "first_received" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "from" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "fuids" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "has_client_activity" : { | |
| "type" : "boolean" | |
| }, | |
| "helo" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "in_reply_to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "is_webmail" : { | |
| "type" : "boolean" | |
| }, | |
| "last_reply" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mail_from" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "msg_id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "path" : { | |
| "type" : "ip" | |
| }, | |
| "process_received_from" : { | |
| "type" : "boolean" | |
| }, | |
| "rcpt_to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reply_to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "second_received" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "tls" : { | |
| "type" : "boolean" | |
| }, | |
| "to" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "transaction_depth" : { | |
| "type" : "long" | |
| }, | |
| "user_agent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "x_originating_ip" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "snmp" : { | |
| "properties" : { | |
| "community" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "display_string" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "duration" : { | |
| "type" : "double" | |
| }, | |
| "get" : { | |
| "properties" : { | |
| "bulk_requests" : { | |
| "type" : "long" | |
| }, | |
| "requests" : { | |
| "type" : "long" | |
| }, | |
| "responses" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "set" : { | |
| "properties" : { | |
| "requests" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "up_since" : { | |
| "type" : "date" | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "socks" : { | |
| "properties" : { | |
| "bound" : { | |
| "properties" : { | |
| "host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "capture_password" : { | |
| "type" : "boolean" | |
| }, | |
| "password" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "request" : { | |
| "properties" : { | |
| "host" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "port" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "user" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "ssh" : { | |
| "properties" : { | |
| "algorithm" : { | |
| "properties" : { | |
| "cipher" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "compression" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "host_key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "key_exchange" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "mac" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "auth" : { | |
| "properties" : { | |
| "attempts" : { | |
| "type" : "long" | |
| }, | |
| "success" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "client" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "direction" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "host_key" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "server" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "version" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "ssl" : { | |
| "properties" : { | |
| "cipher" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "client" : { | |
| "properties" : { | |
| "cert_chain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_chain_fuids" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "issuer" : { | |
| "properties" : { | |
| "common_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "locality" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "organization" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "organizational_unit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "subject" : { | |
| "properties" : { | |
| "common_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "locality" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "organization" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "organizational_unit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "curve" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "established" : { | |
| "type" : "boolean" | |
| }, | |
| "last_alert" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "next_protocol" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "resumed" : { | |
| "type" : "boolean" | |
| }, | |
| "server" : { | |
| "properties" : { | |
| "cert_chain" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "cert_chain_fuids" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "issuer" : { | |
| "properties" : { | |
| "common_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "locality" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "organization" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "organizational_unit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject" : { | |
| "properties" : { | |
| "common_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "locality" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "organization" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "organizational_unit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "validation" : { | |
| "properties" : { | |
| "code" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "status" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "version" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "stats" : { | |
| "properties" : { | |
| "bytes" : { | |
| "properties" : { | |
| "received" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "connections" : { | |
| "properties" : { | |
| "icmp" : { | |
| "properties" : { | |
| "active" : { | |
| "type" : "long" | |
| }, | |
| "count" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "tcp" : { | |
| "properties" : { | |
| "active" : { | |
| "type" : "long" | |
| }, | |
| "count" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "udp" : { | |
| "properties" : { | |
| "active" : { | |
| "type" : "long" | |
| }, | |
| "count" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "dns_requests" : { | |
| "properties" : { | |
| "active" : { | |
| "type" : "long" | |
| }, | |
| "count" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "events" : { | |
| "properties" : { | |
| "processed" : { | |
| "type" : "long" | |
| }, | |
| "queued" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "files" : { | |
| "properties" : { | |
| "active" : { | |
| "type" : "long" | |
| }, | |
| "count" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "memory" : { | |
| "type" : "long" | |
| }, | |
| "packets" : { | |
| "properties" : { | |
| "dropped" : { | |
| "type" : "long" | |
| }, | |
| "processed" : { | |
| "type" : "long" | |
| }, | |
| "received" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "peer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "reassembly_size" : { | |
| "properties" : { | |
| "file" : { | |
| "type" : "long" | |
| }, | |
| "frag" : { | |
| "type" : "long" | |
| }, | |
| "tcp" : { | |
| "type" : "long" | |
| }, | |
| "unknown" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "timers" : { | |
| "properties" : { | |
| "active" : { | |
| "type" : "long" | |
| }, | |
| "count" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "timestamp_lag" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "syslog" : { | |
| "properties" : { | |
| "facility" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "message" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "severity" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "tunnel" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "weird" : { | |
| "properties" : { | |
| "additional_info" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "identifier" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "notice" : { | |
| "type" : "boolean" | |
| }, | |
| "peer" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "x509" : { | |
| "properties" : { | |
| "basic_constraints" : { | |
| "properties" : { | |
| "certificate_authority" : { | |
| "type" : "boolean" | |
| }, | |
| "path_length" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "certificate" : { | |
| "properties" : { | |
| "common_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "curve" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "exponent" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "issuer" : { | |
| "properties" : { | |
| "common_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "locality" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "organization" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "organizational_unit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "key" : { | |
| "properties" : { | |
| "algorithm" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "length" : { | |
| "type" : "long" | |
| }, | |
| "type" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "serial" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "signature_algorithm" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "subject" : { | |
| "properties" : { | |
| "common_name" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "country" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "locality" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "organization" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "organizational_unit" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "state" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| } | |
| } | |
| }, | |
| "valid" : { | |
| "properties" : { | |
| "from" : { | |
| "type" : "date" | |
| }, | |
| "until" : { | |
| "type" : "date" | |
| } | |
| } | |
| }, | |
| "version" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "log_cert" : { | |
| "type" : "boolean" | |
| }, | |
| "san" : { | |
| "properties" : { | |
| "dns" : { | |
| "type" : "keyword", | |
| "ignore_above" : 1024 | |
| }, | |
| "email" : { | |
| "type" : "keyword", | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment