Created
February 14, 2018 17:42
filebeat export template --es.version=6.0.1
{ | |
"index_patterns": [ | |
"filebeat-6.1.0-*" | |
], | |
"mappings": { | |
"doc": { | |
"_meta": { | |
"version": "6.1.0" | |
}, | |
"date_detection": false, | |
"dynamic_templates": [ | |
{ | |
"fields": { | |
"mapping": { | |
"type": "keyword" | |
}, | |
"match_mapping_type": "string", | |
"path_match": "fields.*" | |
} | |
}, | |
{ | |
"docker.container.labels": { | |
"mapping": { | |
"type": "keyword" | |
}, | |
"match_mapping_type": "string", | |
"path_match": "docker.container.labels.*" | |
} | |
}, | |
{ | |
"strings_as_keyword": { | |
"mapping": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"match_mapping_type": "string" | |
} | |
} | |
], | |
"properties": { | |
"@timestamp": { | |
"type": "date" | |
}, | |
"apache2": { | |
"properties": { | |
"access": { | |
"properties": { | |
"agent": { | |
"norms": false, | |
"type": "text" | |
}, | |
"body_sent": { | |
"properties": { | |
"bytes": { | |
"type": "long" | |
} | |
} | |
}, | |
"geoip": { | |
"properties": { | |
"city_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"continent_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"location": { | |
"type": "geo_point" | |
}, | |
"region_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"http_version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"method": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"referrer": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"remote_ip": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"response_code": { | |
"type": "long" | |
}, | |
"url": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"user_agent": { | |
"properties": { | |
"device": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"major": { | |
"type": "long" | |
}, | |
"minor": { | |
"type": "long" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"os": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"os_major": { | |
"type": "long" | |
}, | |
"os_minor": { | |
"type": "long" | |
}, | |
"os_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"patch": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"user_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"error": { | |
"properties": { | |
"client": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"level": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"module": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"pid": { | |
"type": "long" | |
}, | |
"tid": { | |
"type": "long" | |
} | |
} | |
} | |
} | |
}, | |
"auditd": { | |
"properties": { | |
"log": { | |
"properties": { | |
"a0": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"acct": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"geoip": { | |
"properties": { | |
"city_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"continent_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"location": { | |
"type": "geo_point" | |
}, | |
"region_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"item": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"items": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"new_auid": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"new_ses": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"old_auid": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"old_ses": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"pid": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"ppid": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"record_type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"res": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sequence": { | |
"type": "long" | |
} | |
} | |
} | |
} | |
}, | |
"beat": { | |
"properties": { | |
"hostname": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"timezone": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"docker": { | |
"properties": { | |
"container": { | |
"properties": { | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"image": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"labels": { | |
"type": "object" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"error": { | |
"properties": { | |
"code": { | |
"type": "long" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"fields": { | |
"type": "object" | |
}, | |
"fileset": { | |
"properties": { | |
"module": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"icinga": { | |
"properties": { | |
"debug": { | |
"properties": { | |
"facility": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"severity": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"main": { | |
"properties": { | |
"facility": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"severity": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"startup": { | |
"properties": { | |
"facility": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"severity": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"kafka": { | |
"properties": { | |
"log": { | |
"properties": { | |
"class": { | |
"norms": false, | |
"type": "text" | |
}, | |
"component": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"level": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"timestamp": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"trace": { | |
"properties": { | |
"class": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"full": { | |
"norms": false, | |
"type": "text" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"kubernetes": { | |
"properties": { | |
"annotations": { | |
"type": "object" | |
}, | |
"container": { | |
"properties": { | |
"image": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"labels": { | |
"type": "object" | |
}, | |
"namespace": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"pod": { | |
"properties": { | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"logstash": { | |
"properties": { | |
"log": { | |
"properties": { | |
"level": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"log_event": { | |
"type": "object" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"module": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"thread": { | |
"norms": false, | |
"type": "text" | |
} | |
} | |
}, | |
"slowlog": { | |
"properties": { | |
"event": { | |
"norms": false, | |
"type": "text" | |
}, | |
"level": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"module": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"plugin_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"plugin_params": { | |
"norms": false, | |
"type": "text" | |
}, | |
"plugin_params_object": { | |
"type": "object" | |
}, | |
"plugin_type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"thread": { | |
"norms": false, | |
"type": "text" | |
}, | |
"took_in_millis": { | |
"type": "long" | |
}, | |
"took_in_nanos": { | |
"type": "long" | |
} | |
} | |
} | |
} | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"meta": { | |
"properties": { | |
"cloud": { | |
"properties": { | |
"availability_zone": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"instance_id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"instance_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"machine_type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"project_id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"provider": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"mysql": { | |
"properties": { | |
"error": { | |
"properties": { | |
"level": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"thread_id": { | |
"type": "long" | |
}, | |
"timestamp": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"slowlog": { | |
"properties": { | |
"host": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"type": "long" | |
}, | |
"ip": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"lock_time": { | |
"properties": { | |
"sec": { | |
"type": "float" | |
} | |
} | |
}, | |
"query": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"query_time": { | |
"properties": { | |
"sec": { | |
"type": "float" | |
} | |
} | |
}, | |
"rows_examined": { | |
"type": "long" | |
}, | |
"rows_sent": { | |
"type": "long" | |
}, | |
"timestamp": { | |
"type": "long" | |
}, | |
"user": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"nginx": { | |
"properties": { | |
"access": { | |
"properties": { | |
"agent": { | |
"norms": false, | |
"type": "text" | |
}, | |
"body_sent": { | |
"properties": { | |
"bytes": { | |
"type": "long" | |
} | |
} | |
}, | |
"geoip": { | |
"properties": { | |
"city_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"continent_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"location": { | |
"type": "geo_point" | |
}, | |
"region_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"http_version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"method": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"referrer": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"remote_ip": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"response_code": { | |
"type": "long" | |
}, | |
"url": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"user_agent": { | |
"properties": { | |
"device": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"major": { | |
"type": "long" | |
}, | |
"minor": { | |
"type": "long" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"os": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"os_major": { | |
"type": "long" | |
}, | |
"os_minor": { | |
"type": "long" | |
}, | |
"os_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"patch": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"user_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"error": { | |
"properties": { | |
"connection_id": { | |
"type": "long" | |
}, | |
"level": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"pid": { | |
"type": "long" | |
}, | |
"tid": { | |
"type": "long" | |
} | |
} | |
} | |
} | |
}, | |
"offset": { | |
"type": "long" | |
}, | |
"postgresql": { | |
"properties": { | |
"log": { | |
"properties": { | |
"database": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"duration": { | |
"type": "float" | |
}, | |
"level": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"query": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"thread_id": { | |
"type": "long" | |
}, | |
"timestamp": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"timezone": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"user": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"prospector": { | |
"properties": { | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"read_timestamp": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"redis": { | |
"properties": { | |
"log": { | |
"properties": { | |
"level": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"pid": { | |
"type": "long" | |
}, | |
"role": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"slowlog": { | |
"properties": { | |
"args": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"cmd": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"duration": { | |
"properties": { | |
"us": { | |
"type": "long" | |
} | |
} | |
}, | |
"id": { | |
"type": "long" | |
}, | |
"key": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"source": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"stream": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"system": { | |
"properties": { | |
"auth": { | |
"properties": { | |
"groupadd": { | |
"properties": { | |
"gid": { | |
"type": "long" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"hostname": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"pid": { | |
"type": "long" | |
}, | |
"program": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"ssh": { | |
"properties": { | |
"dropped_ip": { | |
"type": "ip" | |
}, | |
"event": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"geoip": { | |
"properties": { | |
"city_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"continent_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"location": { | |
"type": "geo_point" | |
}, | |
"region_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"ip": { | |
"type": "ip" | |
}, | |
"method": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"port": { | |
"type": "long" | |
}, | |
"signature": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"sudo": { | |
"properties": { | |
"command": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"error": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"pwd": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"tty": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"user": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"timestamp": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"user": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"useradd": { | |
"properties": { | |
"gid": { | |
"type": "long" | |
}, | |
"home": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"shell": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"uid": { | |
"type": "long" | |
} | |
} | |
} | |
} | |
}, | |
"syslog": { | |
"properties": { | |
"hostname": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"pid": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"program": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"timestamp": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"tags": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"traefik": { | |
"properties": { | |
"access": { | |
"properties": { | |
"agent": { | |
"norms": false, | |
"type": "text" | |
}, | |
"backend_url": { | |
"norms": false, | |
"type": "text" | |
}, | |
"body_sent": { | |
"properties": { | |
"bytes": { | |
"type": "long" | |
} | |
} | |
}, | |
"frontend_name": { | |
"norms": false, | |
"type": "text" | |
}, | |
"geoip": { | |
"properties": { | |
"city_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"continent_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"location": { | |
"type": "geo_point" | |
}, | |
"region_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"http_version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"method": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"referrer": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"remote_ip": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"request_count": { | |
"type": "long" | |
}, | |
"response_code": { | |
"type": "long" | |
}, | |
"url": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"user_agent": { | |
"properties": { | |
"device": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"major": { | |
"type": "long" | |
}, | |
"minor": { | |
"type": "long" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"os": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"os_major": { | |
"type": "long" | |
}, | |
"os_minor": { | |
"type": "long" | |
}, | |
"os_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"patch": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"user_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"order": 1, | |
"settings": { | |
"index": { | |
"mapping": { | |
"total_fields": { | |
"limit": 10000 | |
} | |
}, | |
"number_of_shards": 3, | |
"refresh_interval": "5s" | |
} | |
} | |
} |