/template.json Secret
Created
February 5, 2020 15:31
discuss elastic \template
{ | |
".monitoring-kibana" : { | |
"order" : 0, | |
"version" : 7000199, | |
"index_patterns" : [ | |
".monitoring-kibana-7-*" | |
], | |
"settings" : { | |
"index" : { | |
"format" : "7", | |
"codec" : "best_compression", | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1", | |
"number_of_replicas" : "0" | |
} | |
}, | |
"mappings" : { | |
"dynamic" : false, | |
"properties" : { | |
"cluster_uuid" : { | |
"type" : "keyword" | |
}, | |
"timestamp" : { | |
"type" : "date", | |
"format" : "date_time" | |
}, | |
"interval_ms" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"source_node" : { | |
"properties" : { | |
"uuid" : { | |
"type" : "keyword" | |
}, | |
"host" : { | |
"type" : "keyword" | |
}, | |
"transport_address" : { | |
"type" : "keyword" | |
}, | |
"ip" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"timestamp" : { | |
"type" : "date", | |
"format" : "date_time" | |
} | |
} | |
}, | |
"kibana_stats" : { | |
"properties" : { | |
"usage" : { | |
"properties" : { | |
"index" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"kibana" : { | |
"properties" : { | |
"uuid" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"host" : { | |
"type" : "keyword" | |
}, | |
"transport_address" : { | |
"type" : "keyword" | |
}, | |
"version" : { | |
"type" : "keyword" | |
}, | |
"snapshot" : { | |
"type" : "boolean" | |
}, | |
"status" : { | |
"type" : "keyword" | |
}, | |
"statuses" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword" | |
}, | |
"state" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"cloud" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword" | |
}, | |
"id" : { | |
"type" : "keyword" | |
}, | |
"vm_type" : { | |
"type" : "keyword" | |
}, | |
"region" : { | |
"type" : "keyword" | |
}, | |
"zone" : { | |
"type" : "keyword" | |
}, | |
"metadata" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"os" : { | |
"properties" : { | |
"load" : { | |
"properties" : { | |
"1m" : { | |
"type" : "half_float" | |
}, | |
"5m" : { | |
"type" : "half_float" | |
}, | |
"15m" : { | |
"type" : "half_float" | |
} | |
} | |
}, | |
"memory" : { | |
"properties" : { | |
"total_in_bytes" : { | |
"type" : "float" | |
}, | |
"free_in_bytes" : { | |
"type" : "float" | |
}, | |
"used_in_bytes" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"uptime_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"process" : { | |
"properties" : { | |
"memory" : { | |
"properties" : { | |
"heap" : { | |
"properties" : { | |
"total_in_bytes" : { | |
"type" : "float" | |
}, | |
"used_in_bytes" : { | |
"type" : "float" | |
}, | |
"size_limit" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"resident_set_size_in_bytes" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"event_loop_delay" : { | |
"type" : "float" | |
}, | |
"uptime_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"sockets" : { | |
"properties" : { | |
"http" : { | |
"properties" : { | |
"total" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"https" : { | |
"properties" : { | |
"total" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"timestamp" : { | |
"type" : "date" | |
}, | |
"requests" : { | |
"properties" : { | |
"disconnects" : { | |
"type" : "long" | |
}, | |
"total" : { | |
"type" : "long" | |
}, | |
"status_codes" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"response_times" : { | |
"properties" : { | |
"average" : { | |
"type" : "float" | |
}, | |
"max" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"concurrent_connections" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".triggered_watches" : { | |
"order" : 2147483647, | |
"index_patterns" : [ | |
".triggered_watches*" | |
], | |
"settings" : { | |
"index" : { | |
"format" : "6", | |
"refresh_interval" : "-1", | |
"number_of_shards" : "1", | |
"priority" : "900", | |
"auto_expand_replicas" : "0-1" | |
} | |
}, | |
"mappings" : { | |
"dynamic" : "strict", | |
"properties" : { | |
"trigger_event" : { | |
"type" : "object", | |
"dynamic" : true, | |
"enabled" : false, | |
"properties" : { | |
"schedule" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"triggered_time" : { | |
"type" : "date" | |
}, | |
"scheduled_time" : { | |
"type" : "date" | |
} | |
} | |
} | |
} | |
}, | |
"state" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".monitoring-alerts-7" : { | |
"order" : 0, | |
"version" : 7000199, | |
"index_patterns" : [ | |
".monitoring-alerts-7" | |
], | |
"settings" : { | |
"index" : { | |
"format" : "7", | |
"codec" : "best_compression", | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1", | |
"number_of_replicas" : "0" | |
} | |
}, | |
"mappings" : { | |
"dynamic" : false, | |
"properties" : { | |
"timestamp" : { | |
"type" : "date" | |
}, | |
"update_timestamp" : { | |
"type" : "date" | |
}, | |
"resolved_timestamp" : { | |
"type" : "date" | |
}, | |
"prefix" : { | |
"type" : "text" | |
}, | |
"message" : { | |
"type" : "text" | |
}, | |
"suffix" : { | |
"type" : "text" | |
}, | |
"metadata" : { | |
"properties" : { | |
"cluster_uuid" : { | |
"type" : "keyword" | |
}, | |
"link" : { | |
"type" : "keyword" | |
}, | |
"severity" : { | |
"type" : "short" | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"version" : { | |
"type" : "keyword" | |
}, | |
"watch" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".watches" : { | |
"order" : 2147483647, | |
"index_patterns" : [ | |
".watches*" | |
], | |
"settings" : { | |
"index" : { | |
"format" : "6", | |
"number_of_shards" : "1", | |
"priority" : "800", | |
"auto_expand_replicas" : "0-1", | |
"number_of_replicas" : "0" | |
} | |
}, | |
"mappings" : { | |
"dynamic" : "strict", | |
"properties" : { | |
"status" : { | |
"type" : "object", | |
"enabled" : false, | |
"dynamic" : true | |
}, | |
"trigger" : { | |
"type" : "object", | |
"enabled" : false, | |
"dynamic" : true | |
}, | |
"input" : { | |
"type" : "object", | |
"enabled" : false, | |
"dynamic" : true | |
}, | |
"condition" : { | |
"type" : "object", | |
"enabled" : false, | |
"dynamic" : true | |
}, | |
"throttle_period" : { | |
"type" : "keyword", | |
"index" : false, | |
"doc_values" : false | |
}, | |
"throttle_period_in_millis" : { | |
"type" : "long", | |
"index" : false, | |
"doc_values" : false | |
}, | |
"transform" : { | |
"type" : "object", | |
"enabled" : false, | |
"dynamic" : true | |
}, | |
"actions" : { | |
"type" : "object", | |
"enabled" : false, | |
"dynamic" : true | |
}, | |
"metadata" : { | |
"type" : "object", | |
"dynamic" : true | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".ml-anomalies-" : { | |
"order" : 0, | |
"version" : 7050099, | |
"index_patterns" : [ | |
".ml-anomalies-*" | |
], | |
"settings" : { | |
"index" : { | |
"unassigned" : { | |
"node_left" : { | |
"delayed_timeout" : "1m" | |
} | |
}, | |
"translog" : { | |
"durability" : "async" | |
}, | |
"auto_expand_replicas" : "0-1", | |
"query" : { | |
"default_field" : "all_field_values" | |
} | |
} | |
}, | |
"mappings" : { | |
"_meta" : { | |
"version" : "7.5.0" | |
}, | |
"dynamic_templates" : [ | |
{ | |
"strings_as_keywords" : { | |
"match" : "*", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
], | |
"properties" : { | |
"all_field_values" : { | |
"type" : "text", | |
"analyzer" : "whitespace" | |
}, | |
"job_id" : { | |
"type" : "keyword", | |
"copy_to" : "all_field_values" | |
}, | |
"timestamp" : { | |
"type" : "date" | |
}, | |
"result_type" : { | |
"type" : "keyword" | |
}, | |
"anomaly_score" : { | |
"type" : "double" | |
}, | |
"raw_anomaly_score" : { | |
"type" : "double" | |
}, | |
"initial_anomaly_score" : { | |
"type" : "double" | |
}, | |
"is_interim" : { | |
"type" : "boolean" | |
}, | |
"event_count" : { | |
"type" : "long" | |
}, | |
"bucket_span" : { | |
"type" : "long" | |
}, | |
"processing_time_ms" : { | |
"type" : "long" | |
}, | |
"scheduled_events" : { | |
"type" : "keyword" | |
}, | |
"bucket_influencers" : { | |
"type" : "nested", | |
"properties" : { | |
"job_id" : { | |
"type" : "keyword" | |
}, | |
"result_type" : { | |
"type" : "keyword" | |
}, | |
"influencer_field_name" : { | |
"type" : "keyword" | |
}, | |
"initial_anomaly_score" : { | |
"type" : "double" | |
}, | |
"anomaly_score" : { | |
"type" : "double" | |
}, | |
"raw_anomaly_score" : { | |
"type" : "double" | |
}, | |
"probability" : { | |
"type" : "double" | |
}, | |
"timestamp" : { | |
"type" : "date" | |
}, | |
"bucket_span" : { | |
"type" : "long" | |
}, | |
"is_interim" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"model_feature" : { | |
"type" : "keyword" | |
}, | |
"model_lower" : { | |
"type" : "double" | |
}, | |
"model_upper" : { | |
"type" : "double" | |
}, | |
"model_median" : { | |
"type" : "double" | |
}, | |
"forecast_lower" : { | |
"type" : "double" | |
}, | |
"forecast_upper" : { | |
"type" : "double" | |
}, | |
"forecast_prediction" : { | |
"type" : "double" | |
}, | |
"forecast_id" : { | |
"type" : "keyword" | |
}, | |
"forecast_start_timestamp" : { | |
"type" : "date" | |
}, | |
"forecast_end_timestamp" : { | |
"type" : "date" | |
}, | |
"forecast_create_timestamp" : { | |
"type" : "date" | |
}, | |
"forecast_expiry_timestamp" : { | |
"type" : "date" | |
}, | |
"forecast_messages" : { | |
"type" : "keyword" | |
}, | |
"forecast_progress" : { | |
"type" : "double" | |
}, | |
"forecast_status" : { | |
"type" : "keyword" | |
}, | |
"forecast_memory_bytes" : { | |
"type" : "long" | |
}, | |
"detector_index" : { | |
"type" : "integer" | |
}, | |
"actual" : { | |
"type" : "double" | |
}, | |
"typical" : { | |
"type" : "double" | |
}, | |
"probability" : { | |
"type" : "double" | |
}, | |
"multi_bucket_impact" : { | |
"type" : "double" | |
}, | |
"function" : { | |
"type" : "keyword" | |
}, | |
"function_description" : { | |
"type" : "keyword" | |
}, | |
"by_field_name" : { | |
"type" : "keyword" | |
}, | |
"by_field_value" : { | |
"type" : "keyword", | |
"copy_to" : "all_field_values" | |
}, | |
"field_name" : { | |
"type" : "keyword" | |
}, | |
"partition_field_name" : { | |
"type" : "keyword" | |
}, | |
"partition_field_value" : { | |
"type" : "keyword", | |
"copy_to" : "all_field_values" | |
}, | |
"over_field_name" : { | |
"type" : "keyword" | |
}, | |
"over_field_value" : { | |
"type" : "keyword", | |
"copy_to" : "all_field_values" | |
}, | |
"record_score" : { | |
"type" : "double" | |
}, | |
"initial_record_score" : { | |
"type" : "double" | |
}, | |
"causes" : { | |
"type" : "nested", | |
"properties" : { | |
"actual" : { | |
"type" : "double" | |
}, | |
"typical" : { | |
"type" : "double" | |
}, | |
"probability" : { | |
"type" : "double" | |
}, | |
"function" : { | |
"type" : "keyword" | |
}, | |
"function_description" : { | |
"type" : "keyword" | |
}, | |
"by_field_name" : { | |
"type" : "keyword" | |
}, | |
"by_field_value" : { | |
"type" : "keyword", | |
"copy_to" : "all_field_values" | |
}, | |
"correlated_by_field_value" : { | |
"type" : "keyword", | |
"copy_to" : "all_field_values" | |
}, | |
"field_name" : { | |
"type" : "keyword" | |
}, | |
"partition_field_name" : { | |
"type" : "keyword" | |
}, | |
"partition_field_value" : { | |
"type" : "keyword", | |
"copy_to" : "all_field_values" | |
}, | |
"over_field_name" : { | |
"type" : "keyword" | |
}, | |
"over_field_value" : { | |
"type" : "keyword", | |
"copy_to" : "all_field_values" | |
} | |
} | |
}, | |
"influencers" : { | |
"type" : "nested", | |
"properties" : { | |
"influencer_field_name" : { | |
"type" : "keyword" | |
}, | |
"influencer_field_values" : { | |
"type" : "keyword", | |
"copy_to" : "all_field_values" | |
} | |
} | |
}, | |
"influencer_score" : { | |
"type" : "double" | |
}, | |
"initial_influencer_score" : { | |
"type" : "double" | |
}, | |
"influencer_field_name" : { | |
"type" : "keyword" | |
}, | |
"influencer_field_value" : { | |
"type" : "keyword", | |
"copy_to" : "all_field_values" | |
}, | |
"model_bytes" : { | |
"type" : "long" | |
}, | |
"total_by_field_count" : { | |
"type" : "long" | |
}, | |
"total_over_field_count" : { | |
"type" : "long" | |
}, | |
"total_partition_field_count" : { | |
"type" : "long" | |
}, | |
"bucket_allocation_failures_count" : { | |
"type" : "long" | |
}, | |
"memory_status" : { | |
"type" : "keyword" | |
}, | |
"log_time" : { | |
"type" : "date" | |
}, | |
"category_id" : { | |
"type" : "long" | |
}, | |
"terms" : { | |
"type" : "text" | |
}, | |
"regex" : { | |
"type" : "keyword" | |
}, | |
"max_matching_length" : { | |
"type" : "long" | |
}, | |
"examples" : { | |
"type" : "text" | |
}, | |
"processed_record_count" : { | |
"type" : "long" | |
}, | |
"processed_field_count" : { | |
"type" : "long" | |
}, | |
"input_bytes" : { | |
"type" : "long" | |
}, | |
"input_record_count" : { | |
"type" : "long" | |
}, | |
"input_field_count" : { | |
"type" : "long" | |
}, | |
"invalid_date_count" : { | |
"type" : "long" | |
}, | |
"missing_field_count" : { | |
"type" : "long" | |
}, | |
"out_of_order_timestamp_count" : { | |
"type" : "long" | |
}, | |
"empty_bucket_count" : { | |
"type" : "long" | |
}, | |
"sparse_bucket_count" : { | |
"type" : "long" | |
}, | |
"bucket_count" : { | |
"type" : "long" | |
}, | |
"earliest_record_timestamp" : { | |
"type" : "date" | |
}, | |
"latest_record_timestamp" : { | |
"type" : "date" | |
}, | |
"latest_empty_bucket_timestamp" : { | |
"type" : "date" | |
}, | |
"latest_sparse_bucket_timestamp" : { | |
"type" : "date" | |
}, | |
"last_data_time" : { | |
"type" : "date" | |
}, | |
"minimum_bucket_processing_time_ms" : { | |
"type" : "double" | |
}, | |
"maximum_bucket_processing_time_ms" : { | |
"type" : "double" | |
}, | |
"average_bucket_processing_time_ms" : { | |
"type" : "double" | |
}, | |
"exponential_average_bucket_processing_time_ms" : { | |
"type" : "double" | |
}, | |
"exponential_average_calculation_context" : { | |
"properties" : { | |
"incremental_metric_value_ms" : { | |
"type" : "double" | |
}, | |
"latest_timestamp" : { | |
"type" : "date" | |
}, | |
"previous_exponential_average_ms" : { | |
"type" : "double" | |
} | |
} | |
}, | |
"search_count" : { | |
"type" : "long" | |
}, | |
"total_search_time_ms" : { | |
"type" : "double" | |
}, | |
"description" : { | |
"type" : "text" | |
}, | |
"snapshot_id" : { | |
"type" : "keyword" | |
}, | |
"snapshot_doc_count" : { | |
"type" : "integer" | |
}, | |
"retain" : { | |
"type" : "boolean" | |
}, | |
"model_size_stats" : { | |
"properties" : { | |
"job_id" : { | |
"type" : "keyword" | |
}, | |
"result_type" : { | |
"type" : "keyword" | |
}, | |
"timestamp" : { | |
"type" : "date" | |
}, | |
"model_bytes" : { | |
"type" : "long" | |
}, | |
"total_by_field_count" : { | |
"type" : "long" | |
}, | |
"total_over_field_count" : { | |
"type" : "long" | |
}, | |
"total_partition_field_count" : { | |
"type" : "long" | |
}, | |
"bucket_allocation_failures_count" : { | |
"type" : "long" | |
}, | |
"memory_status" : { | |
"type" : "keyword" | |
}, | |
"log_time" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"quantiles" : { | |
"enabled" : false | |
}, | |
"min_version" : { | |
"type" : "keyword" | |
}, | |
"latest_record_time_stamp" : { | |
"type" : "date" | |
}, | |
"latest_result_time_stamp" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".monitoring-es" : { | |
"order" : 0, | |
"version" : 7000199, | |
"index_patterns" : [ | |
".monitoring-es-7-*" | |
], | |
"settings" : { | |
"index" : { | |
"format" : "7", | |
"codec" : "best_compression", | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1", | |
"number_of_replicas" : "0" | |
} | |
}, | |
"mappings" : { | |
"date_detection" : false, | |
"dynamic" : false, | |
"properties" : { | |
"cluster_uuid" : { | |
"type" : "keyword" | |
}, | |
"state_uuid" : { | |
"type" : "keyword" | |
}, | |
"timestamp" : { | |
"type" : "date", | |
"format" : "date_time" | |
}, | |
"interval_ms" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"source_node" : { | |
"properties" : { | |
"uuid" : { | |
"type" : "keyword" | |
}, | |
"host" : { | |
"type" : "keyword" | |
}, | |
"transport_address" : { | |
"type" : "keyword" | |
}, | |
"ip" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"timestamp" : { | |
"type" : "date", | |
"format" : "date_time" | |
} | |
} | |
}, | |
"indices_stats" : { | |
"properties" : { | |
"_all" : { | |
"properties" : { | |
"primaries" : { | |
"properties" : { | |
"docs" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"indexing" : { | |
"properties" : { | |
"index_total" : { | |
"type" : "long" | |
}, | |
"index_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"search" : { | |
"properties" : { | |
"query_total" : { | |
"type" : "long" | |
}, | |
"query_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"total" : { | |
"properties" : { | |
"docs" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"indexing" : { | |
"properties" : { | |
"index_total" : { | |
"type" : "long" | |
}, | |
"index_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"search" : { | |
"properties" : { | |
"query_total" : { | |
"type" : "long" | |
}, | |
"query_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"index_stats" : { | |
"properties" : { | |
"index" : { | |
"type" : "keyword" | |
}, | |
"primaries" : { | |
"properties" : { | |
"docs" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"fielddata" : { | |
"properties" : { | |
"memory_size_in_bytes" : { | |
"type" : "long" | |
}, | |
"evictions" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"store" : { | |
"properties" : { | |
"size_in_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"indexing" : { | |
"properties" : { | |
"index_total" : { | |
"type" : "long" | |
}, | |
"index_time_in_millis" : { | |
"type" : "long" | |
}, | |
"throttle_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"merges" : { | |
"properties" : { | |
"total_size_in_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"query_cache" : { | |
"properties" : { | |
"memory_size_in_bytes" : { | |
"type" : "long" | |
}, | |
"evictions" : { | |
"type" : "long" | |
}, | |
"hit_count" : { | |
"type" : "long" | |
}, | |
"miss_count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"request_cache" : { | |
"properties" : { | |
"memory_size_in_bytes" : { | |
"type" : "long" | |
}, | |
"evictions" : { | |
"type" : "long" | |
}, | |
"hit_count" : { | |
"type" : "long" | |
}, | |
"miss_count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"search" : { | |
"properties" : { | |
"query_total" : { | |
"type" : "long" | |
}, | |
"query_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"segments" : { | |
"properties" : { | |
"count" : { | |
"type" : "integer" | |
}, | |
"memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"terms_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"points_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"stored_fields_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"term_vectors_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"norms_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"doc_values_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"index_writer_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"version_map_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"fixed_bit_set_memory_in_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"refresh" : { | |
"properties" : { | |
"total_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"total" : { | |
"properties" : { | |
"docs" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"fielddata" : { | |
"properties" : { | |
"memory_size_in_bytes" : { | |
"type" : "long" | |
}, | |
"evictions" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"store" : { | |
"properties" : { | |
"size_in_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"indexing" : { | |
"properties" : { | |
"index_total" : { | |
"type" : "long" | |
}, | |
"index_time_in_millis" : { | |
"type" : "long" | |
}, | |
"throttle_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"merges" : { | |
"properties" : { | |
"total_size_in_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"query_cache" : { | |
"properties" : { | |
"memory_size_in_bytes" : { | |
"type" : "long" | |
}, | |
"evictions" : { | |
"type" : "long" | |
}, | |
"hit_count" : { | |
"type" : "long" | |
}, | |
"miss_count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"request_cache" : { | |
"properties" : { | |
"memory_size_in_bytes" : { | |
"type" : "long" | |
}, | |
"evictions" : { | |
"type" : "long" | |
}, | |
"hit_count" : { | |
"type" : "long" | |
}, | |
"miss_count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"search" : { | |
"properties" : { | |
"query_total" : { | |
"type" : "long" | |
}, | |
"query_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"segments" : { | |
"properties" : { | |
"count" : { | |
"type" : "integer" | |
}, | |
"memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"terms_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"points_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"stored_fields_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"term_vectors_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"norms_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"doc_values_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"index_writer_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"version_map_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"fixed_bit_set_memory_in_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"refresh" : { | |
"properties" : { | |
"total_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"cluster_stats" : { | |
"properties" : { | |
"nodes" : { | |
"type" : "object" | |
}, | |
"indices" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"cluster_state" : { | |
"properties" : { | |
"version" : { | |
"type" : "long" | |
}, | |
"nodes_hash" : { | |
"type" : "integer" | |
}, | |
"master_node" : { | |
"type" : "keyword" | |
}, | |
"state_uuid" : { | |
"type" : "keyword" | |
}, | |
"status" : { | |
"type" : "keyword" | |
}, | |
"nodes" : { | |
"type" : "object" | |
}, | |
"shards" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"node_stats" : { | |
"properties" : { | |
"node_id" : { | |
"type" : "keyword" | |
}, | |
"node_master" : { | |
"type" : "boolean" | |
}, | |
"mlockall" : { | |
"type" : "boolean" | |
}, | |
"indices" : { | |
"properties" : { | |
"docs" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"fielddata" : { | |
"properties" : { | |
"memory_size_in_bytes" : { | |
"type" : "long" | |
}, | |
"evictions" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"indexing" : { | |
"properties" : { | |
"index_time_in_millis" : { | |
"type" : "long" | |
}, | |
"index_total" : { | |
"type" : "long" | |
}, | |
"throttle_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"query_cache" : { | |
"properties" : { | |
"memory_size_in_bytes" : { | |
"type" : "long" | |
}, | |
"evictions" : { | |
"type" : "long" | |
}, | |
"hit_count" : { | |
"type" : "long" | |
}, | |
"miss_count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"request_cache" : { | |
"properties" : { | |
"memory_size_in_bytes" : { | |
"type" : "long" | |
}, | |
"evictions" : { | |
"type" : "long" | |
}, | |
"hit_count" : { | |
"type" : "long" | |
}, | |
"miss_count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"search" : { | |
"properties" : { | |
"query_time_in_millis" : { | |
"type" : "long" | |
}, | |
"query_total" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"segments" : { | |
"properties" : { | |
"count" : { | |
"type" : "integer" | |
}, | |
"memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"terms_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"points_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"stored_fields_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"term_vectors_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"norms_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"doc_values_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"index_writer_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"version_map_memory_in_bytes" : { | |
"type" : "long" | |
}, | |
"fixed_bit_set_memory_in_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"store" : { | |
"properties" : { | |
"size_in_bytes" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"fs" : { | |
"properties" : { | |
"total" : { | |
"properties" : { | |
"total_in_bytes" : { | |
"type" : "long" | |
}, | |
"free_in_bytes" : { | |
"type" : "long" | |
}, | |
"available_in_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"data" : { | |
"properties" : { | |
"spins" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"io_stats" : { | |
"properties" : { | |
"total" : { | |
"properties" : { | |
"operations" : { | |
"type" : "long" | |
}, | |
"read_operations" : { | |
"type" : "long" | |
}, | |
"write_operations" : { | |
"type" : "long" | |
}, | |
"read_kilobytes" : { | |
"type" : "long" | |
}, | |
"write_kilobytes" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"os" : { | |
"properties" : { | |
"cgroup" : { | |
"properties" : { | |
"cpuacct" : { | |
"properties" : { | |
"control_group" : { | |
"type" : "keyword" | |
}, | |
"usage_nanos" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"cpu" : { | |
"properties" : { | |
"cfs_quota_micros" : { | |
"type" : "long" | |
}, | |
"control_group" : { | |
"type" : "keyword" | |
}, | |
"stat" : { | |
"properties" : { | |
"number_of_elapsed_periods" : { | |
"type" : "long" | |
}, | |
"number_of_times_throttled" : { | |
"type" : "long" | |
}, | |
"time_throttled_nanos" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"memory" : { | |
"properties" : { | |
"control_group" : { | |
"type" : "keyword" | |
}, | |
"limit_in_bytes" : { | |
"type" : "keyword" | |
}, | |
"usage_in_bytes" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"cpu" : { | |
"properties" : { | |
"load_average" : { | |
"properties" : { | |
"1m" : { | |
"type" : "half_float" | |
}, | |
"5m" : { | |
"type" : "half_float" | |
}, | |
"15m" : { | |
"type" : "half_float" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"process" : { | |
"properties" : { | |
"open_file_descriptors" : { | |
"type" : "long" | |
}, | |
"max_file_descriptors" : { | |
"type" : "long" | |
}, | |
"cpu" : { | |
"properties" : { | |
"percent" : { | |
"type" : "half_float" | |
} | |
} | |
} | |
} | |
}, | |
"jvm" : { | |
"properties" : { | |
"mem" : { | |
"properties" : { | |
"heap_used_in_bytes" : { | |
"type" : "long" | |
}, | |
"heap_used_percent" : { | |
"type" : "half_float" | |
}, | |
"heap_max_in_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"gc" : { | |
"properties" : { | |
"collectors" : { | |
"properties" : { | |
"young" : { | |
"properties" : { | |
"collection_count" : { | |
"type" : "long" | |
}, | |
"collection_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"old" : { | |
"properties" : { | |
"collection_count" : { | |
"type" : "long" | |
}, | |
"collection_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"thread_pool" : { | |
"properties" : { | |
"bulk" : { | |
"properties" : { | |
"threads" : { | |
"type" : "integer" | |
}, | |
"queue" : { | |
"type" : "integer" | |
}, | |
"rejected" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"generic" : { | |
"properties" : { | |
"threads" : { | |
"type" : "integer" | |
}, | |
"queue" : { | |
"type" : "integer" | |
}, | |
"rejected" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"get" : { | |
"properties" : { | |
"threads" : { | |
"type" : "integer" | |
}, | |
"queue" : { | |
"type" : "integer" | |
}, | |
"rejected" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"index" : { | |
"properties" : { | |
"threads" : { | |
"type" : "integer" | |
}, | |
"queue" : { | |
"type" : "integer" | |
}, | |
"rejected" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"management" : { | |
"properties" : { | |
"threads" : { | |
"type" : "integer" | |
}, | |
"queue" : { | |
"type" : "integer" | |
}, | |
"rejected" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"search" : { | |
"properties" : { | |
"threads" : { | |
"type" : "integer" | |
}, | |
"queue" : { | |
"type" : "integer" | |
}, | |
"rejected" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"watcher" : { | |
"properties" : { | |
"threads" : { | |
"type" : "integer" | |
}, | |
"queue" : { | |
"type" : "integer" | |
}, | |
"rejected" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"write" : { | |
"properties" : { | |
"queue" : { | |
"type" : "integer" | |
}, | |
"rejected" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"index_recovery" : { | |
"type" : "object" | |
}, | |
"shard" : { | |
"properties" : { | |
"state" : { | |
"type" : "keyword" | |
}, | |
"primary" : { | |
"type" : "boolean" | |
}, | |
"index" : { | |
"type" : "keyword" | |
}, | |
"relocating_node" : { | |
"type" : "keyword" | |
}, | |
"shard" : { | |
"type" : "long" | |
}, | |
"node" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"job_stats" : { | |
"properties" : { | |
"job_id" : { | |
"type" : "keyword" | |
}, | |
"state" : { | |
"type" : "keyword" | |
}, | |
"data_counts" : { | |
"properties" : { | |
"input_bytes" : { | |
"type" : "long" | |
}, | |
"processed_record_count" : { | |
"type" : "long" | |
}, | |
"empty_bucket_count" : { | |
"type" : "long" | |
}, | |
"sparse_bucket_count" : { | |
"type" : "long" | |
}, | |
"bucket_count" : { | |
"type" : "long" | |
}, | |
"earliest_record_timestamp" : { | |
"type" : "date" | |
}, | |
"latest_record_timestamp" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"model_size_stats" : { | |
"properties" : { | |
"model_bytes" : { | |
"type" : "long" | |
}, | |
"bucket_allocation_failures_count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"node" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"ccr_stats" : { | |
"properties" : { | |
"remote_cluster" : { | |
"type" : "keyword" | |
}, | |
"leader_index" : { | |
"type" : "keyword" | |
}, | |
"follower_index" : { | |
"type" : "keyword" | |
}, | |
"shard_id" : { | |
"type" : "integer" | |
}, | |
"leader_global_checkpoint" : { | |
"type" : "long" | |
}, | |
"leader_max_seq_no" : { | |
"type" : "long" | |
}, | |
"follower_global_checkpoint" : { | |
"type" : "long" | |
}, | |
"follower_max_seq_no" : { | |
"type" : "long" | |
}, | |
"last_requested_seq_no" : { | |
"type" : "long" | |
}, | |
"outstanding_read_requests" : { | |
"type" : "long" | |
}, | |
"outstanding_write_requests" : { | |
"type" : "long" | |
}, | |
"write_buffer_operation_count" : { | |
"type" : "long" | |
}, | |
"write_buffer_size_in_bytes" : { | |
"type" : "long" | |
}, | |
"follower_mapping_version" : { | |
"type" : "long" | |
}, | |
"follower_settings_version" : { | |
"type" : "long" | |
}, | |
"follower_aliases_version" : { | |
"type" : "long" | |
}, | |
"total_read_time_millis" : { | |
"type" : "long" | |
}, | |
"total_read_remote_exec_time_millis" : { | |
"type" : "long" | |
}, | |
"successful_read_requests" : { | |
"type" : "long" | |
}, | |
"failed_read_requests" : { | |
"type" : "long" | |
}, | |
"operations_read" : { | |
"type" : "long" | |
}, | |
"bytes_read" : { | |
"type" : "long" | |
}, | |
"total_write_time_millis" : { | |
"type" : "long" | |
}, | |
"successful_write_requests" : { | |
"type" : "long" | |
}, | |
"failed_write_requests" : { | |
"type" : "long" | |
}, | |
"operations_written" : { | |
"type" : "long" | |
}, | |
"read_exceptions" : { | |
"type" : "nested", | |
"properties" : { | |
"from_seq_no" : { | |
"type" : "long" | |
}, | |
"retries" : { | |
"type" : "integer" | |
}, | |
"exception" : { | |
"type" : "object", | |
"properties" : { | |
"type" : { | |
"type" : "keyword" | |
}, | |
"reason" : { | |
"type" : "text" | |
} | |
} | |
} | |
} | |
}, | |
"time_since_last_read_millis" : { | |
"type" : "long" | |
}, | |
"fatal_exception" : { | |
"type" : "object", | |
"properties" : { | |
"type" : { | |
"type" : "keyword" | |
}, | |
"reason" : { | |
"type" : "text" | |
} | |
} | |
} | |
} | |
}, | |
"ccr_auto_follow_stats" : { | |
"properties" : { | |
"number_of_failed_follow_indices" : { | |
"type" : "long" | |
}, | |
"number_of_failed_remote_cluster_state_requests" : { | |
"type" : "long" | |
}, | |
"number_of_successful_follow_indices" : { | |
"type" : "long" | |
}, | |
"recent_auto_follow_errors" : { | |
"type" : "nested", | |
"properties" : { | |
"leader_index" : { | |
"type" : "keyword" | |
}, | |
"timestamp" : { | |
"type" : "long" | |
}, | |
"auto_follow_exception" : { | |
"type" : "object", | |
"properties" : { | |
"type" : { | |
"type" : "keyword" | |
}, | |
"reason" : { | |
"type" : "text" | |
} | |
} | |
} | |
} | |
}, | |
"auto_followed_clusters" : { | |
"type" : "nested", | |
"properties" : { | |
"cluster_name" : { | |
"type" : "keyword" | |
}, | |
"time_since_last_check_millis" : { | |
"type" : "long" | |
}, | |
"last_seen_metadata_version" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"enrich_coordinator_stats" : { | |
"properties" : { | |
"node_id" : { | |
"type" : "keyword" | |
}, | |
"queue_size" : { | |
"type" : "integer" | |
}, | |
"remote_requests_current" : { | |
"type" : "long" | |
}, | |
"remote_requests_total" : { | |
"type" : "long" | |
}, | |
"executed_searches_total" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"enrich_executing_policy_stats" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword" | |
}, | |
"task" : { | |
"type" : "object", | |
"properties" : { | |
"node" : { | |
"type" : "keyword" | |
}, | |
"id" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"action" : { | |
"type" : "keyword" | |
}, | |
"description" : { | |
"type" : "keyword" | |
}, | |
"start_time_in_millis" : { | |
"type" : "date", | |
"format" : "epoch_millis" | |
}, | |
"running_time_in_nanos" : { | |
"type" : "long" | |
}, | |
"cancellable" : { | |
"type" : "boolean" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".logstash-management" : { | |
"order" : 0, | |
"index_patterns" : [ | |
".logstash" | |
], | |
"settings" : { | |
"index" : { | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1", | |
"codec" : "best_compression" | |
} | |
}, | |
"mappings" : { | |
"_meta" : { | |
"logstash-version" : "7.5.0" | |
}, | |
"dynamic" : "strict", | |
"properties" : { | |
"description" : { | |
"type" : "text" | |
}, | |
"last_modified" : { | |
"type" : "date" | |
}, | |
"pipeline_metadata" : { | |
"properties" : { | |
"version" : { | |
"type" : "short" | |
}, | |
"type" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"pipeline" : { | |
"type" : "text" | |
}, | |
"pipeline_settings" : { | |
"dynamic" : false, | |
"type" : "object" | |
}, | |
"username" : { | |
"type" : "keyword" | |
}, | |
"metadata" : { | |
"type" : "object", | |
"dynamic" : false | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".transform-notifications-000001" : { | |
"order" : 0, | |
"version" : 7050099, | |
"index_patterns" : [ | |
".transform-notifications-*" | |
], | |
"settings" : { | |
"index" : { | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1" | |
} | |
}, | |
"mappings" : { | |
"_meta" : { | |
"version" : "7.5.0" | |
}, | |
"dynamic" : "false", | |
"properties" : { | |
"transform_id" : { | |
"type" : "keyword" | |
}, | |
"level" : { | |
"type" : "keyword" | |
}, | |
"message" : { | |
"type" : "text", | |
"fields" : { | |
"raw" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"timestamp" : { | |
"type" : "date" | |
}, | |
"node_name" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"aliases" : { | |
".transform-notifications-read" : { } | |
} | |
}, | |
".ml-notifications-000001" : { | |
"order" : 0, | |
"version" : 7050099, | |
"index_patterns" : [ | |
".ml-notifications-000001" | |
], | |
"settings" : { | |
"index" : { | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1", | |
"unassigned" : { | |
"node_left" : { | |
"delayed_timeout" : "1m" | |
} | |
} | |
} | |
}, | |
"mappings" : { | |
"_meta" : { | |
"version" : "7.5.0" | |
}, | |
"dynamic" : "false", | |
"properties" : { | |
"job_id" : { | |
"type" : "keyword" | |
}, | |
"level" : { | |
"type" : "keyword" | |
}, | |
"message" : { | |
"type" : "text", | |
"fields" : { | |
"raw" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"timestamp" : { | |
"type" : "date" | |
}, | |
"node_name" : { | |
"type" : "keyword" | |
}, | |
"job_type" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".monitoring-logstash" : { | |
"order" : 0, | |
"version" : 7000199, | |
"index_patterns" : [ | |
".monitoring-logstash-7-*" | |
], | |
"settings" : { | |
"index" : { | |
"format" : "7", | |
"codec" : "best_compression", | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1", | |
"number_of_replicas" : "0" | |
} | |
}, | |
"mappings" : { | |
"dynamic" : false, | |
"properties" : { | |
"cluster_uuid" : { | |
"type" : "keyword" | |
}, | |
"timestamp" : { | |
"type" : "date", | |
"format" : "date_time" | |
}, | |
"interval_ms" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"source_node" : { | |
"properties" : { | |
"uuid" : { | |
"type" : "keyword" | |
}, | |
"host" : { | |
"type" : "keyword" | |
}, | |
"transport_address" : { | |
"type" : "keyword" | |
}, | |
"ip" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"timestamp" : { | |
"type" : "date", | |
"format" : "date_time" | |
} | |
} | |
}, | |
"logstash_stats" : { | |
"type" : "object", | |
"properties" : { | |
"logstash" : { | |
"properties" : { | |
"uuid" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"ephemeral_id" : { | |
"type" : "keyword" | |
}, | |
"host" : { | |
"type" : "keyword" | |
}, | |
"http_address" : { | |
"type" : "keyword" | |
}, | |
"version" : { | |
"type" : "keyword" | |
}, | |
"snapshot" : { | |
"type" : "boolean" | |
}, | |
"status" : { | |
"type" : "keyword" | |
}, | |
"pipeline" : { | |
"properties" : { | |
"workers" : { | |
"type" : "short" | |
}, | |
"batch_size" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"events" : { | |
"properties" : { | |
"filtered" : { | |
"type" : "long" | |
}, | |
"in" : { | |
"type" : "long" | |
}, | |
"out" : { | |
"type" : "long" | |
}, | |
"duration_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"timestamp" : { | |
"type" : "date" | |
}, | |
"jvm" : { | |
"properties" : { | |
"uptime_in_millis" : { | |
"type" : "long" | |
}, | |
"gc" : { | |
"properties" : { | |
"collectors" : { | |
"properties" : { | |
"old" : { | |
"properties" : { | |
"collection_count" : { | |
"type" : "long" | |
}, | |
"collection_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"young" : { | |
"properties" : { | |
"collection_count" : { | |
"type" : "long" | |
}, | |
"collection_time_in_millis" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"mem" : { | |
"properties" : { | |
"heap_max_in_bytes" : { | |
"type" : "long" | |
}, | |
"heap_used_in_bytes" : { | |
"type" : "long" | |
}, | |
"heap_used_percent" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"os" : { | |
"properties" : { | |
"cpu" : { | |
"properties" : { | |
"load_average" : { | |
"properties" : { | |
"1m" : { | |
"type" : "half_float" | |
}, | |
"5m" : { | |
"type" : "half_float" | |
}, | |
"15m" : { | |
"type" : "half_float" | |
} | |
} | |
} | |
} | |
}, | |
"cgroup" : { | |
"properties" : { | |
"cpuacct" : { | |
"properties" : { | |
"control_group" : { | |
"type" : "keyword" | |
}, | |
"usage_nanos" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"cpu" : { | |
"properties" : { | |
"control_group" : { | |
"type" : "keyword" | |
}, | |
"stat" : { | |
"properties" : { | |
"number_of_elapsed_periods" : { | |
"type" : "long" | |
}, | |
"number_of_times_throttled" : { | |
"type" : "long" | |
}, | |
"time_throttled_nanos" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"process" : { | |
"properties" : { | |
"cpu" : { | |
"properties" : { | |
"percent" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"max_file_descriptors" : { | |
"type" : "long" | |
}, | |
"open_file_descriptors" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"reloads" : { | |
"properties" : { | |
"failures" : { | |
"type" : "long" | |
}, | |
"successes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"queue" : { | |
"properties" : { | |
"events_count" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"pipelines" : { | |
"type" : "nested", | |
"properties" : { | |
"id" : { | |
"type" : "keyword" | |
}, | |
"hash" : { | |
"type" : "keyword" | |
}, | |
"ephemeral_id" : { | |
"type" : "keyword" | |
}, | |
"events" : { | |
"properties" : { | |
"in" : { | |
"type" : "long" | |
}, | |
"filtered" : { | |
"type" : "long" | |
}, | |
"out" : { | |
"type" : "long" | |
}, | |
"duration_in_millis" : { | |
"type" : "long" | |
}, | |
"queue_push_duration_in_millis" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"queue" : { | |
"properties" : { | |
"events_count" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"max_queue_size_in_bytes" : { | |
"type" : "long" | |
}, | |
"queue_size_in_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"vertices" : { | |
"type" : "nested", | |
"properties" : { | |
"id" : { | |
"type" : "keyword" | |
}, | |
"pipeline_ephemeral_id" : { | |
"type" : "keyword" | |
}, | |
"events_in" : { | |
"type" : "long" | |
}, | |
"events_out" : { | |
"type" : "long" | |
}, | |
"duration_in_millis" : { | |
"type" : "long" | |
}, | |
"queue_push_duration_in_millis" : { | |
"type" : "long" | |
}, | |
"long_counters" : { | |
"type" : "nested", | |
"properties" : { | |
"name" : { | |
"type" : "keyword" | |
}, | |
"value" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"double_gauges" : { | |
"type" : "nested", | |
"properties" : { | |
"name" : { | |
"type" : "keyword" | |
}, | |
"value" : { | |
"type" : "double" | |
} | |
} | |
} | |
} | |
}, | |
"reloads" : { | |
"properties" : { | |
"failures" : { | |
"type" : "long" | |
}, | |
"successes" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"workers" : { | |
"type" : "short" | |
}, | |
"batch_size" : { | |
"type" : "integer" | |
} | |
} | |
}, | |
"logstash_state" : { | |
"properties" : { | |
"uuid" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"host" : { | |
"type" : "keyword" | |
}, | |
"http_address" : { | |
"type" : "keyword" | |
}, | |
"ephemeral_id" : { | |
"type" : "keyword" | |
}, | |
"version" : { | |
"type" : "keyword" | |
}, | |
"snapshot" : { | |
"type" : "boolean" | |
}, | |
"status" : { | |
"type" : "keyword" | |
}, | |
"pipeline" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword" | |
}, | |
"hash" : { | |
"type" : "keyword" | |
}, | |
"ephemeral_id" : { | |
"type" : "keyword" | |
}, | |
"workers" : { | |
"type" : "short" | |
}, | |
"batch_size" : { | |
"type" : "integer" | |
}, | |
"format" : { | |
"type" : "keyword" | |
}, | |
"version" : { | |
"type" : "keyword" | |
}, | |
"representation" : { | |
"enabled" : false | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
"logstash" : { | |
"order" : 0, | |
"version" : 60001, | |
"index_patterns" : [ | |
"logstash-*" | |
], | |
"settings" : { | |
"index" : { | |
"lifecycle" : { | |
"name" : "logstash-policy", | |
"rollover_alias" : "logstash" | |
}, | |
"number_of_shards" : "1", | |
"refresh_interval" : "5s" | |
} | |
}, | |
"mappings" : { | |
"dynamic_templates" : [ | |
{ | |
"message_field" : { | |
"path_match" : "message", | |
"mapping" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"match_mapping_type" : "string" | |
} | |
}, | |
{ | |
"string_fields" : { | |
"mapping" : { | |
"norms" : false, | |
"type" : "text", | |
"fields" : { | |
"keyword" : { | |
"ignore_above" : 256, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"match_mapping_type" : "string", | |
"match" : "*" | |
} | |
} | |
], | |
"properties" : { | |
"@timestamp" : { | |
"type" : "date" | |
}, | |
"geoip" : { | |
"dynamic" : true, | |
"properties" : { | |
"ip" : { | |
"type" : "ip" | |
}, | |
"latitude" : { | |
"type" : "half_float" | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"longitude" : { | |
"type" : "half_float" | |
} | |
} | |
}, | |
"@version" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
"filebeat-7.5.0" : { | |
"order" : 1, | |
"index_patterns" : [ | |
"filebeat-7.5.0-*" | |
], | |
"settings" : { | |
"index" : { | |
"lifecycle" : { | |
"name" : "filebeat-7.5.0", | |
"rollover_alias" : "filebeat-7.5.0" | |
}, | |
"mapping" : { | |
"total_fields" : { | |
"limit" : "10000" | |
} | |
}, | |
"refresh_interval" : "5s", | |
"number_of_routing_shards" : "30", | |
"number_of_shards" : "1", | |
"query" : { | |
"default_field" : [ | |
"message", | |
"tags", | |
"agent.ephemeral_id", | |
"agent.id", | |
"agent.name", | |
"agent.type", | |
"agent.version", | |
"as.organization.name", | |
"client.address", | |
"client.as.organization.name", | |
"client.domain", | |
"client.geo.city_name", | |
"client.geo.continent_name", | |
"client.geo.country_iso_code", | |
"client.geo.country_name", | |
"client.geo.name", | |
"client.geo.region_iso_code", | |
"client.geo.region_name", | |
"client.mac", | |
"client.user.domain", | |
"client.user.email", | |
"client.user.full_name", | |
"client.user.group.id", | |
"client.user.group.name", | |
"client.user.hash", | |
"client.user.id", | |
"client.user.name", | |
"cloud.account.id", | |
"cloud.availability_zone", | |
"cloud.instance.id", | |
"cloud.instance.name", | |
"cloud.machine.type", | |
"cloud.provider", | |
"cloud.region", | |
"container.id", | |
"container.image.name", | |
"container.image.tag", | |
"container.name", | |
"container.runtime", | |
"destination.address", | |
"destination.as.organization.name", | |
"destination.domain", | |
"destination.geo.city_name", | |
"destination.geo.continent_name", | |
"destination.geo.country_iso_code", | |
"destination.geo.country_name", | |
"destination.geo.name", | |
"destination.geo.region_iso_code", | |
"destination.geo.region_name", | |
"destination.mac", | |
"destination.user.domain", | |
"destination.user.email", | |
"destination.user.full_name", | |
"destination.user.group.id", | |
"destination.user.group.name", | |
"destination.user.hash", | |
"destination.user.id", | |
"destination.user.name", | |
"dns.answers.class", | |
"dns.answers.data", | |
"dns.answers.name", | |
"dns.answers.type", | |
"dns.header_flags", | |
"dns.id", | |
"dns.op_code", | |
"dns.question.class", | |
"dns.question.name", | |
"dns.question.registered_domain", | |
"dns.question.type", | |
"dns.response_code", | |
"dns.type", | |
"ecs.version", | |
"error.code", | |
"error.id", | |
"error.message", | |
"event.action", | |
"event.category", | |
"event.code", | |
"event.dataset", | |
"event.hash", | |
"event.id", | |
"event.kind", | |
"event.module", | |
"event.original", | |
"event.outcome", | |
"event.provider", | |
"event.timezone", | |
"event.type", | |
"file.device", | |
"file.directory", | |
"file.extension", | |
"file.gid", | |
"file.group", | |
"file.hash.md5", | |
"file.hash.sha1", | |
"file.hash.sha256", | |
"file.hash.sha512", | |
"file.inode", | |
"file.mode", | |
"file.name", | |
"file.owner", | |
"file.path", | |
"file.target_path", | |
"file.type", | |
"file.uid", | |
"geo.city_name", | |
"geo.continent_name", | |
"geo.country_iso_code", | |
"geo.country_name", | |
"geo.name", | |
"geo.region_iso_code", | |
"geo.region_name", | |
"group.id", | |
"group.name", | |
"hash.md5", | |
"hash.sha1", | |
"hash.sha256", | |
"hash.sha512", | |
"host.architecture", | |
"host.geo.city_name", | |
"host.geo.continent_name", | |
"host.geo.country_iso_code", | |
"host.geo.country_name", | |
"host.geo.name", | |
"host.geo.region_iso_code", | |
"host.geo.region_name", | |
"host.hostname", | |
"host.id", | |
"host.mac", | |
"host.name", | |
"host.os.family", | |
"host.os.full", | |
"host.os.kernel", | |
"host.os.name", | |
"host.os.platform", | |
"host.os.version", | |
"host.type", | |
"host.user.domain", | |
"host.user.email", | |
"host.user.full_name", | |
"host.user.group.id", | |
"host.user.group.name", | |
"host.user.hash", | |
"host.user.id", | |
"host.user.name", | |
"http.request.body.content", | |
"http.request.method", | |
"http.request.referrer", | |
"http.response.body.content", | |
"http.version", | |
"log.level", | |
"log.logger", | |
"log.original", | |
"network.application", | |
"network.community_id", | |
"network.direction", | |
"network.iana_number", | |
"network.name", | |
"network.protocol", | |
"network.transport", | |
"network.type", | |
"observer.geo.city_name", | |
"observer.geo.continent_name", | |
"observer.geo.country_iso_code", | |
"observer.geo.country_name", | |
"observer.geo.name", | |
"observer.geo.region_iso_code", | |
"observer.geo.region_name", | |
"observer.hostname", | |
"observer.mac", | |
"observer.os.family", | |
"observer.os.full", | |
"observer.os.kernel", | |
"observer.os.name", | |
"observer.os.platform", | |
"observer.os.version", | |
"observer.serial_number", | |
"observer.type", | |
"observer.vendor", | |
"observer.version", | |
"organization.id", | |
"organization.name", | |
"os.family", | |
"os.full", | |
"os.kernel", | |
"os.name", | |
"os.platform", | |
"os.version", | |
"process.args", | |
"process.executable", | |
"process.hash.md5", | |
"process.hash.sha1", | |
"process.hash.sha256", | |
"process.hash.sha512", | |
"process.name", | |
"process.thread.name", | |
"process.title", | |
"process.working_directory", | |
"server.address", | |
"server.as.organization.name", | |
"server.domain", | |
"server.geo.city_name", | |
"server.geo.continent_name", | |
"server.geo.country_iso_code", | |
"server.geo.country_name", | |
"server.geo.name", | |
"server.geo.region_iso_code", | |
"server.geo.region_name", | |
"server.mac", | |
"server.user.domain", | |
"server.user.email", | |
"server.user.full_name", | |
"server.user.group.id", | |
"server.user.group.name", | |
"server.user.hash", | |
"server.user.id", | |
"server.user.name", | |
"service.ephemeral_id", | |
"service.id", | |
"service.name", | |
"service.state", | |
"service.type", | |
"service.version", | |
"source.address", | |
"source.as.organization.name", | |
"source.domain", | |
"source.geo.city_name", | |
"source.geo.continent_name", | |
"source.geo.country_iso_code", | |
"source.geo.country_name", | |
"source.geo.name", | |
"source.geo.region_iso_code", | |
"source.geo.region_name", | |
"source.mac", | |
"source.user.domain", | |
"source.user.email", | |
"source.user.full_name", | |
"source.user.group.id", | |
"source.user.group.name", | |
"source.user.hash", | |
"source.user.id", | |
"source.user.name", | |
"tracing.trace.id", | |
"tracing.transaction.id", | |
"url.domain", | |
"url.fragment", | |
"url.full", | |
"url.original", | |
"url.password", | |
"url.path", | |
"url.query", | |
"url.scheme", | |
"url.username", | |
"user.domain", | |
"user.email", | |
"user.full_name", | |
"user.group.id", | |
"user.group.name", | |
"user.hash", | |
"user.id", | |
"user.name", | |
"user_agent.device.name", | |
"user_agent.name", | |
"user_agent.original", | |
"user_agent.os.family", | |
"user_agent.os.full", | |
"user_agent.os.kernel", | |
"user_agent.os.name", | |
"user_agent.os.platform", | |
"user_agent.os.version", | |
"user_agent.version", | |
"agent.hostname", | |
"error.type", | |
"timeseries.instance", | |
"cloud.project.id", | |
"cloud.image.id", | |
"host.os.build", | |
"host.os.codename", | |
"kubernetes.pod.name", | |
"kubernetes.pod.uid", | |
"kubernetes.namespace", | |
"kubernetes.node.name", | |
"kubernetes.replicaset.name", | |
"kubernetes.deployment.name", | |
"kubernetes.statefulset.name", | |
"kubernetes.container.name", | |
"kubernetes.container.image", | |
"jolokia.agent.version", | |
"jolokia.agent.id", | |
"jolokia.server.product", | |
"jolokia.server.version", | |
"jolokia.server.vendor", | |
"jolokia.url", | |
"log.file.path", | |
"log.source.address", | |
"stream", | |
"input.type", | |
"syslog.severity_label", | |
"syslog.facility_label", | |
"process.program", | |
"log.flags", | |
"user_agent.os.full_name", | |
"fileset.name", | |
"icmp.code", | |
"icmp.type", | |
"igmp.type", | |
"kafka.topic", | |
"kafka.key", | |
"apache.access.ssl.protocol", | |
"apache.access.ssl.cipher", | |
"apache.error.module", | |
"user.terminal", | |
"user.audit.id", | |
"user.audit.name", | |
"user.audit.group.id", | |
"user.audit.group.name", | |
"user.effective.id", | |
"user.effective.name", | |
"user.effective.group.id", | |
"user.effective.group.name", | |
"user.filesystem.id", | |
"user.filesystem.name", | |
"user.filesystem.group.id", | |
"user.filesystem.group.name", | |
"user.owner.id", | |
"user.owner.name", | |
"user.owner.group.id", | |
"user.owner.group.name", | |
"user.saved.id", | |
"user.saved.name", | |
"user.saved.group.id", | |
"user.saved.group.name", | |
"auditd.log.old_auid", | |
"auditd.log.new_auid", | |
"auditd.log.old_ses", | |
"auditd.log.new_ses", | |
"auditd.log.items", | |
"auditd.log.item", | |
"auditd.log.tty", | |
"auditd.log.a0", | |
"aws.elb.name", | |
"aws.elb.type", | |
"aws.elb.target_group.arn", | |
"aws.elb.listener", | |
"aws.elb.protocol", | |
"aws.elb.backend.ip", | |
"aws.elb.backend.port", | |
"aws.elb.backend.http.response.status_code", | |
"aws.elb.ssl_cipher", | |
"aws.elb.ssl_protocol", | |
"aws.elb.chosen_cert.arn", | |
"aws.elb.chosen_cert.serial", | |
"aws.elb.incoming_tls_alert", | |
"aws.elb.tls_named_group", | |
"aws.elb.trace_id", | |
"aws.elb.matched_rule_priority", | |
"aws.elb.action_executed", | |
"aws.elb.redirect_url", | |
"aws.elb.error.reason", | |
"aws.s3access.bucket_owner", | |
"aws.s3access.bucket", | |
"aws.s3access.requester", | |
"aws.s3access.request_id", | |
"aws.s3access.operation", | |
"aws.s3access.key", | |
"aws.s3access.request_uri", | |
"aws.s3access.error_code", | |
"aws.s3access.referrer", | |
"aws.s3access.user_agent", | |
"aws.s3access.version_id", | |
"aws.s3access.host_id", | |
"aws.s3access.signature_version", | |
"aws.s3access.cipher_suite", | |
"aws.s3access.authentication_type", | |
"aws.s3access.host_header", | |
"aws.s3access.tls_version", | |
"azure.subscription_id", | |
"azure.correlation_id", | |
"azure.tenant_id", | |
"azure.resource.id", | |
"azure.resource.group", | |
"azure.resource.provider", | |
"azure.resource.namespace", | |
"azure.resource.name", | |
"azure.activitylogs.identity.claims_initiated_by_user.name", | |
"azure.activitylogs.identity.claims_initiated_by_user.givenname", | |
"azure.activitylogs.identity.claims_initiated_by_user.surname", | |
"azure.activitylogs.identity.claims_initiated_by_user.fullname", | |
"azure.activitylogs.identity.claims_initiated_by_user.schema", | |
"azure.activitylogs.identity.authorization.evidence.role_assignment_scope", | |
"azure.activitylogs.identity.authorization.evidence.role_definition_id", | |
"azure.activitylogs.identity.authorization.evidence.role", | |
"azure.activitylogs.identity.authorization.evidence.role_assignment_id", | |
"azure.activitylogs.identity.authorization.evidence.principal_id", | |
"azure.activitylogs.identity.authorization.evidence.principal_type", | |
"azure.activitylogs.identity.scope", | |
"azure.activitylogs.identity.action", | |
"azure.activitylogs.operation_name", | |
"azure.activitylogs.result_signature", | |
"azure.activitylogs.properties.service_request_id", | |
"azure.activitylogs.properties.status_code", | |
"azure.auditlogs.operation_name", | |
"azure.auditlogs.operation_version", | |
"azure.auditlogs.tenant_id", | |
"azure.auditlogs.result_signature", | |
"azure.auditlogs.properties.result", | |
"azure.auditlogs.properties.activity_display_name", | |
"azure.auditlogs.properties.result_reason", | |
"azure.auditlogs.properties.correlation_id", | |
"azure.auditlogs.properties.logged_by_service", | |
"azure.auditlogs.properties.operation_type", | |
"azure.auditlogs.properties.id", | |
"azure.auditlogs.properties.activityDateTime", | |
"azure.auditlogs.properties.category", | |
"azure.auditlogs.properties.target_resources.display_name", | |
"azure.auditlogs.properties.target_resources.id", | |
"azure.auditlogs.properties.target_resources.type", | |
"azure.auditlogs.properties.target_resources.ip_address", | |
"azure.auditlogs.properties.target_resources.user_principal_name", | |
"azure.auditlogs.properties.target_resources.modified_properties.newValue", | |
"azure.auditlogs.properties.target_resources.modified_properties.displayName", | |
"azure.auditlogs.properties.target_resources.modified_properties.oldValue", | |
"azure.auditlogs.properties.initiated_by.app.servicePrincipalName", | |
"azure.auditlogs.properties.initiated_by.app.displayName", | |
"azure.auditlogs.properties.initiated_by.app.appId", | |
"azure.auditlogs.properties.initiated_by.app.servicePrincipalId", | |
"azure.auditlogs.properties.initiated_by.user.userPrincipalName", | |
"azure.auditlogs.properties.initiated_by.user.displayName", | |
"azure.auditlogs.properties.initiated_by.user.id", | |
"azure.auditlogs.properties.initiated_by.user.ipAddress", | |
"azure.signinlogs.operation_name", | |
"azure.signinlogs.operation_version", | |
"azure.signinlogs.tenant_id", | |
"azure.signinlogs.result_signature", | |
"azure.signinlogs.identity", | |
"azure.signinlogs.properties.id", | |
"azure.signinlogs.properties.created_at", | |
"azure.signinlogs.properties.user_display_name", | |
"azure.signinlogs.properties.correlation_id", | |
"azure.signinlogs.properties.user_principal_name", | |
"azure.signinlogs.properties.user_id", | |
"azure.signinlogs.properties.app_id", | |
"azure.signinlogs.properties.app_display_name", | |
"azure.signinlogs.properties.ip_address", | |
"azure.signinlogs.properties.client_app_used", | |
"azure.signinlogs.properties.conditional_access_status", | |
"azure.signinlogs.properties.original_request_id", | |
"azure.signinlogs.properties.is_interactive", | |
"azure.signinlogs.properties.token_issuer_name", | |
"azure.signinlogs.properties.token_issuer_type", | |
"azure.signinlogs.properties.risk_detail", | |
"azure.signinlogs.properties.risk_level_aggregated", | |
"azure.signinlogs.properties.risk_level_during_signin", | |
"azure.signinlogs.properties.risk_state", | |
"azure.signinlogs.properties.resource_display_name", | |
"azure.signinlogs.properties.status.error_code", | |
"azure.signinlogs.properties.status.additional_details", | |
"azure.signinlogs.properties.device_detail.device_id", | |
"azure.signinlogs.properties.device_detail.operating_system", | |
"azure.signinlogs.properties.device_detail.browser", | |
"azure.signinlogs.properties.device_detail.display_name", | |
"azure.signinlogs.properties.device_detail.trust_type", | |
"azure.signinlogs.properties.service_principal_id", | |
"cisco.asa.message_id", | |
"cisco.asa.suffix", | |
"cisco.asa.source_interface", | |
"cisco.asa.destination_interface", | |
"cisco.asa.rule_name", | |
"cisco.asa.source_username", | |
"cisco.asa.destination_username", | |
"cisco.asa.threat_level", | |
"cisco.asa.threat_category", | |
"cisco.asa.connection_id", | |
"cisco.ftd.message_id", | |
"cisco.ftd.suffix", | |
"cisco.ftd.source_interface", | |
"cisco.ftd.destination_interface", | |
"cisco.ftd.rule_name", | |
"cisco.ftd.source_username", | |
"cisco.ftd.destination_username", | |
"cisco.ftd.threat_level", | |
"cisco.ftd.threat_category", | |
"cisco.ftd.connection_id", | |
"cisco.ios.access_list", | |
"cisco.ios.facility", | |
"coredns.id", | |
"coredns.query.class", | |
"coredns.query.name", | |
"coredns.query.type", | |
"coredns.response.code", | |
"coredns.response.flags", | |
"cef.version", | |
"cef.device.vendor", | |
"cef.device.product", | |
"cef.device.version", | |
"cef.device.event_class_id", | |
"cef.severity", | |
"cef.name", | |
"observer.product", | |
"source.service.name", | |
"destination.service.name", | |
"elasticsearch.component", | |
"elasticsearch.cluster.uuid", | |
"elasticsearch.cluster.name", | |
"elasticsearch.node.id", | |
"elasticsearch.node.name", | |
"elasticsearch.index.name", | |
"elasticsearch.index.id", | |
"elasticsearch.shard.id", | |
"elasticsearch.audit.layer", | |
"elasticsearch.audit.event_type", | |
"elasticsearch.audit.origin.type", | |
"elasticsearch.audit.realm", | |
"elasticsearch.audit.user.realm", | |
"elasticsearch.audit.user.roles", | |
"elasticsearch.audit.action", | |
"elasticsearch.audit.url.params", | |
"elasticsearch.audit.indices", | |
"elasticsearch.audit.request.id", | |
"elasticsearch.audit.request.name", | |
"elasticsearch.audit.message", | |
"elasticsearch.gc.phase.name", | |
"elasticsearch.gc.tags", | |
"elasticsearch.slowlog.logger", | |
"elasticsearch.slowlog.took", | |
"elasticsearch.slowlog.types", | |
"elasticsearch.slowlog.stats", | |
"elasticsearch.slowlog.search_type", | |
"elasticsearch.slowlog.source_query", | |
"elasticsearch.slowlog.extra_source", | |
"elasticsearch.slowlog.total_hits", | |
"elasticsearch.slowlog.total_shards", | |
"elasticsearch.slowlog.routing", | |
"elasticsearch.slowlog.id", | |
"elasticsearch.slowlog.type", | |
"elasticsearch.slowlog.source", | |
"envoyproxy.log_type", | |
"envoyproxy.response_flags", | |
"envoyproxy.request_id", | |
"envoyproxy.authority", | |
"envoyproxy.proxy_type", | |
"googlecloud.vpcflow.reporter", | |
"googlecloud.vpcflow.destination.instance.project_id", | |
"googlecloud.vpcflow.destination.instance.region", | |
"googlecloud.vpcflow.destination.instance.zone", | |
"googlecloud.vpcflow.destination.vpc.project_id", | |
"googlecloud.vpcflow.destination.vpc.vpc_name", | |
"googlecloud.vpcflow.destination.vpc.subnetwork_name", | |
"googlecloud.vpcflow.source.instance.project_id", | |
"googlecloud.vpcflow.source.instance.region", | |
"googlecloud.vpcflow.source.instance.zone", | |
"googlecloud.vpcflow.source.vpc.project_id", | |
"googlecloud.vpcflow.source.vpc.vpc_name", | |
"googlecloud.vpcflow.source.vpc.subnetwork_name", | |
"haproxy.frontend_name", | |
"haproxy.backend_name", | |
"haproxy.server_name", | |
"haproxy.bind_name", | |
"haproxy.error_message", | |
"haproxy.source", | |
"haproxy.termination_state", | |
"haproxy.mode", | |
"haproxy.http.response.captured_cookie", | |
"haproxy.http.response.captured_headers", | |
"haproxy.http.request.captured_cookie", | |
"haproxy.http.request.captured_headers", | |
"haproxy.http.request.raw_request_line", | |
"ibmmq.errorlog.installation", | |
"ibmmq.errorlog.qmgr", | |
"ibmmq.errorlog.arithinsert", | |
"ibmmq.errorlog.commentinsert", | |
"ibmmq.errorlog.errordescription", | |
"ibmmq.errorlog.explanation", | |
"ibmmq.errorlog.action", | |
"ibmmq.errorlog.code", | |
"icinga.debug.facility", | |
"icinga.main.facility", | |
"icinga.startup.facility", | |
"iis.access.site_name", | |
"iis.access.server_name", | |
"iis.access.cookie", | |
"iis.error.reason_phrase", | |
"iis.error.queue_name", | |
"iptables.fragment_flags", | |
"iptables.input_device", | |
"iptables.output_device", | |
"iptables.tcp.flags", | |
"iptables.ubiquiti.input_zone", | |
"iptables.ubiquiti.output_zone", | |
"iptables.ubiquiti.rule_number", | |
"iptables.ubiquiti.rule_set", | |
"kafka.log.component", | |
"kafka.log.class", | |
"kafka.log.trace.class", | |
"kafka.log.trace.message", | |
"kibana.log.tags", | |
"kibana.log.state", | |
"logstash.log.module", | |
"text", | |
"logstash.log.thread", | |
"logstash.slowlog.module", | |
"text", | |
"logstash.slowlog.thread", | |
"text", | |
"logstash.slowlog.event", | |
"logstash.slowlog.plugin_name", | |
"logstash.slowlog.plugin_type", | |
"text", | |
"logstash.slowlog.plugin_params", | |
"misp.attack_pattern.id", | |
"misp.attack_pattern.name", | |
"misp.attack_pattern.description", | |
"misp.attack_pattern.kill_chain_phases", | |
"misp.campaign.id", | |
"misp.campaign.name", | |
"misp.campaign.description", | |
"misp.campaign.aliases", | |
"misp.campaign.objective", | |
"misp.course_of_action.id", | |
"misp.course_of_action.name", | |
"misp.course_of_action.description", | |
"misp.identity.id", | |
"misp.identity.name", | |
"misp.identity.description", | |
"misp.identity.identity_class", | |
"misp.identity.labels", | |
"misp.identity.sectors", | |
"misp.identity.contact_information", | |
"misp.intrusion_set.id", | |
"misp.intrusion_set.name", | |
"misp.intrusion_set.description", | |
"misp.intrusion_set.aliases", | |
"misp.intrusion_set.goals", | |
"misp.intrusion_set.resource_level", | |
"misp.intrusion_set.primary_motivation", | |
"misp.intrusion_set.secondary_motivations", | |
"misp.malware.id", | |
"misp.malware.name", | |
"misp.malware.description", | |
"misp.malware.labels", | |
"misp.malware.kill_chain_phases", | |
"misp.note.id", | |
"misp.note.summary", | |
"misp.note.description", | |
"misp.note.authors", | |
"misp.note.object_refs", | |
"misp.threat_indicator.labels", | |
"misp.threat_indicator.id", | |
"misp.threat_indicator.version", | |
"misp.threat_indicator.type", | |
"misp.threat_indicator.description", | |
"misp.threat_indicator.feed", | |
"misp.threat_indicator.severity", | |
"misp.threat_indicator.confidence", | |
"misp.threat_indicator.kill_chain_phases", | |
"misp.threat_indicator.mitre_tactic", | |
"misp.threat_indicator.mitre_technique", | |
"misp.threat_indicator.attack_pattern", | |
"misp.threat_indicator.intrusion_set", | |
"misp.threat_indicator.campaign", | |
"misp.threat_indicator.threat_actor", | |
"misp.observed_data.id", | |
"misp.observed_data.objects", | |
"misp.report.id", | |
"misp.report.labels", | |
"misp.report.name", | |
"misp.report.description", | |
"misp.report.object_refs", | |
"misp.threat_actor.id", | |
"misp.threat_actor.labels", | |
"misp.threat_actor.name", | |
"misp.threat_actor.description", | |
"misp.threat_actor.aliases", | |
"misp.threat_actor.roles", | |
"misp.threat_actor.goals", | |
"misp.threat_actor.sophistication", | |
"misp.threat_actor.resource_level", | |
"misp.threat_actor.primary_motivation", | |
"misp.threat_actor.secondary_motivations", | |
"misp.threat_actor.personal_motivations", | |
"misp.tool.id", | |
"misp.tool.labels", | |
"misp.tool.name", | |
"misp.tool.description", | |
"misp.tool.tool_version", | |
"misp.tool.kill_chain_phases", | |
"misp.vulnerability.id", | |
"misp.vulnerability.name", | |
"misp.vulnerability.description", | |
"mongodb.log.component", | |
"mongodb.log.context", | |
"mssql.log.origin", | |
"mysql.slowlog.query", | |
"mysql.slowlog.schema", | |
"mysql.slowlog.current_user", | |
"mysql.slowlog.last_errno", | |
"mysql.slowlog.killed", | |
"mysql.slowlog.log_slow_rate_type", | |
"mysql.slowlog.log_slow_rate_limit", | |
"mysql.slowlog.innodb.trx_id", | |
"nats.log.msg.type", | |
"nats.log.msg.subject", | |
"nats.log.msg.reply_to", | |
"nats.log.msg.error.message", | |
"nats.log.msg.queue_group", | |
"netflow.type", | |
"netflow.exporter.address", | |
"netflow.source_mac_address", | |
"netflow.post_destination_mac_address", | |
"netflow.destination_mac_address", | |
"netflow.post_source_mac_address", | |
"netflow.interface_name", | |
"netflow.interface_description", | |
"netflow.sampler_name", | |
"netflow.application_description", | |
"netflow.application_name", | |
"netflow.class_name", | |
"netflow.wlan_ssid", | |
"netflow.vr_fname", | |
"netflow.metro_evc_id", | |
"netflow.nat_pool_name", | |
"netflow.p2p_technology", | |
"netflow.tunnel_technology", | |
"netflow.encrypted_technology", | |
"netflow.observation_domain_name", | |
"netflow.selector_name", | |
"netflow.information_element_description", | |
"netflow.information_element_name", | |
"netflow.virtual_station_interface_name", | |
"netflow.virtual_station_name", | |
"netflow.sta_mac_address", | |
"netflow.wtp_mac_address", | |
"netflow.user_name", | |
"netflow.application_category_name", | |
"netflow.application_sub_category_name", | |
"netflow.application_group_name", | |
"netflow.dot1q_customer_source_mac_address", | |
"netflow.dot1q_customer_destination_mac_address", | |
"netflow.mib_context_name", | |
"netflow.mib_object_name", | |
"netflow.mib_object_description", | |
"netflow.mib_object_syntax", | |
"netflow.mib_module_name", | |
"netflow.mobile_imsi", | |
"netflow.mobile_msisdn", | |
"netflow.http_request_method", | |
"netflow.http_request_host", | |
"netflow.http_request_target", | |
"netflow.http_message_version", | |
"netflow.http_user_agent", | |
"netflow.http_content_type", | |
"netflow.http_reason_phrase", | |
"osquery.result.name", | |
"osquery.result.action", | |
"osquery.result.host_identifier", | |
"osquery.result.calendar_time", | |
"panw.panos.ruleset", | |
"panw.panos.source.zone", | |
"panw.panos.source.interface", | |
"panw.panos.destination.zone", | |
"panw.panos.destination.interface", | |
"panw.panos.network.pcap_id", | |
"panw.panos.network.nat.community_id", | |
"panw.panos.file.hash", | |
"panw.panos.url.category", | |
"panw.panos.flow_id", | |
"panw.panos.threat.resource", | |
"panw.panos.threat.id", | |
"panw.panos.threat.name", | |
"postgresql.log.timestamp", | |
"postgresql.log.database", | |
"postgresql.log.query", | |
"postgresql.log.query_step", | |
"postgresql.log.query_name", | |
"rabbitmq.log.pid", | |
"redis.log.role", | |
"redis.slowlog.cmd", | |
"redis.slowlog.key", | |
"redis.slowlog.args", | |
"bucket_name", | |
"object_key", | |
"santa.action", | |
"santa.decision", | |
"santa.reason", | |
"santa.mode", | |
"santa.disk.volume", | |
"santa.disk.bus", | |
"santa.disk.serial", | |
"santa.disk.bsdname", | |
"santa.disk.model", | |
"santa.disk.fs", | |
"santa.disk.mount", | |
"certificate.common_name", | |
"certificate.sha256", | |
"suricata.eve.event_type", | |
"suricata.eve.app_proto_orig", | |
"suricata.eve.tcp.tcp_flags", | |
"suricata.eve.tcp.tcp_flags_tc", | |
"suricata.eve.tcp.state", | |
"suricata.eve.tcp.tcp_flags_ts", | |
"suricata.eve.fileinfo.sha1", | |
"suricata.eve.fileinfo.state", | |
"suricata.eve.fileinfo.sha256", | |
"suricata.eve.fileinfo.md5", | |
"suricata.eve.dns.type", | |
"suricata.eve.dns.rrtype", | |
"suricata.eve.dns.rrname", | |
"suricata.eve.dns.rdata", | |
"suricata.eve.dns.rcode", | |
"suricata.eve.flow_id", | |
"suricata.eve.email.status", | |
"suricata.eve.http.redirect", | |
"suricata.eve.http.protocol", | |
"suricata.eve.http.http_content_type", | |
"suricata.eve.in_iface", | |
"suricata.eve.alert.category", | |
"suricata.eve.alert.signature", | |
"suricata.eve.ssh.client.proto_version", | |
"suricata.eve.ssh.client.software_version", | |
"suricata.eve.ssh.server.proto_version", | |
"suricata.eve.ssh.server.software_version", | |
"suricata.eve.tls.issuerdn", | |
"suricata.eve.tls.sni", | |
"suricata.eve.tls.version", | |
"suricata.eve.tls.fingerprint", | |
"suricata.eve.tls.serial", | |
"suricata.eve.tls.subject", | |
"suricata.eve.app_proto_ts", | |
"suricata.eve.flow.state", | |
"suricata.eve.flow.reason", | |
"suricata.eve.app_proto_tc", | |
"suricata.eve.smtp.rcpt_to", | |
"suricata.eve.smtp.mail_from", | |
"suricata.eve.smtp.helo", | |
"suricata.eve.app_proto_expected", | |
"system.auth.ssh.method", | |
"system.auth.ssh.signature", | |
"system.auth.ssh.event", | |
"system.auth.sudo.error", | |
"system.auth.sudo.tty", | |
"system.auth.sudo.pwd", | |
"system.auth.sudo.user", | |
"system.auth.sudo.command", | |
"system.auth.useradd.home", | |
"system.auth.useradd.shell", | |
"traefik.access.user_identifier", | |
"traefik.access.frontend_name", | |
"traefik.access.backend_url", | |
"zeek.session_id", | |
"zeek.connection.state", | |
"zeek.connection.history", | |
"zeek.connection.orig_l2_addr", | |
"zeek.connection.resp_l2_addr", | |
"zeek.dns.trans_id", | |
"zeek.dns.query", | |
"zeek.dns.qclass_name", | |
"zeek.dns.qtype_name", | |
"zeek.dns.rcode_name", | |
"zeek.dns.answers", | |
"zeek.http.status_msg", | |
"zeek.http.info_msg", | |
"zeek.http.tags", | |
"zeek.http.password", | |
"zeek.http.proxied", | |
"zeek.http.client_header_names", | |
"zeek.http.server_header_names", | |
"zeek.http.orig_fuids", | |
"zeek.http.orig_mime_types", | |
"zeek.http.orig_filenames", | |
"zeek.http.resp_fuids", | |
"zeek.http.resp_mime_types", | |
"zeek.http.resp_filenames", | |
"zeek.files.fuid", | |
"zeek.files.session_ids", | |
"zeek.files.source", | |
"zeek.files.analyzers", | |
"zeek.files.mime_type", | |
"zeek.files.filename", | |
"zeek.files.parent_fuid", | |
"zeek.files.md5", | |
"zeek.files.sha1", | |
"zeek.files.sha256", | |
"zeek.files.extracted", | |
"zeek.ssl.version", | |
"zeek.ssl.cipher", | |
"zeek.ssl.curve", | |
"zeek.ssl.server_name", | |
"zeek.ssl.next_protocol", | |
"zeek.ssl.cert_chain", | |
"zeek.ssl.cert_chain_fuids", | |
"zeek.ssl.client_cert_chain", | |
"zeek.ssl.client_cert_chain_fuids", | |
"zeek.ssl.issuer", | |
"zeek.ssl.client_issuer", | |
"zeek.ssl.validation_status", | |
"zeek.ssl.validation_code", | |
"zeek.ssl.subject", | |
"zeek.ssl.client_subject", | |
"zeek.ssl.last_alert", | |
"zeek.notice.connection_id", | |
"zeek.notice.icmp_id", | |
"zeek.notice.file.id", | |
"zeek.notice.file.parent_id", | |
"zeek.notice.file.source", | |
"zeek.notice.file.mime_type", | |
"zeek.notice.fuid", | |
"zeek.notice.note", | |
"zeek.notice.msg", | |
"zeek.notice.sub", | |
"zeek.notice.peer_name", | |
"zeek.notice.peer_descr", | |
"zeek.notice.actions", | |
"zeek.notice.email_body_sections", | |
"zeek.notice.email_delay_tokens", | |
"zeek.notice.identifier", | |
"fields.*" | |
] | |
} | |
} | |
}, | |
"mappings" : { | |
"_meta" : { | |
"beat" : "filebeat", | |
"version" : "7.5.0" | |
}, | |
"dynamic_templates" : [ | |
{ | |
"labels" : { | |
"path_match" : "labels.*", | |
"mapping" : { | |
"type" : "keyword" | |
}, | |
"match_mapping_type" : "string" | |
} | |
}, | |
{ | |
"container.labels" : { | |
"path_match" : "container.labels.*", | |
"mapping" : { | |
"type" : "keyword" | |
}, | |
"match_mapping_type" : "string" | |
} | |
}, | |
{ | |
"dns.answers" : { | |
"path_match" : "dns.answers.*", | |
"mapping" : { | |
"type" : "keyword" | |
}, | |
"match_mapping_type" : "string" | |
} | |
}, | |
{ | |
"fields" : { | |
"path_match" : "fields.*", | |
"mapping" : { | |
"type" : "keyword" | |
}, | |
"match_mapping_type" : "string" | |
} | |
}, | |
{ | |
"docker.container.labels" : { | |
"path_match" : "docker.container.labels.*", | |
"mapping" : { | |
"type" : "keyword" | |
}, | |
"match_mapping_type" : "string" | |
} | |
}, | |
{ | |
"kubernetes.labels.*" : { | |
"path_match" : "kubernetes.labels.*", | |
"mapping" : { | |
"type" : "keyword" | |
}, | |
"match_mapping_type" : "*" | |
} | |
}, | |
{ | |
"kubernetes.annotations.*" : { | |
"path_match" : "kubernetes.annotations.*", | |
"mapping" : { | |
"type" : "keyword" | |
}, | |
"match_mapping_type" : "*" | |
} | |
}, | |
{ | |
"docker.attrs" : { | |
"path_match" : "docker.attrs.*", | |
"mapping" : { | |
"type" : "keyword" | |
}, | |
"match_mapping_type" : "string" | |
} | |
}, | |
{ | |
"cef.extensions" : { | |
"path_match" : "cef.extensions.*", | |
"mapping" : { | |
"type" : "keyword" | |
}, | |
"match_mapping_type" : "string" | |
} | |
}, | |
{ | |
"kibana.log.meta" : { | |
"path_match" : "kibana.log.meta.*", | |
"mapping" : { | |
"type" : "keyword" | |
}, | |
"match_mapping_type" : "string" | |
} | |
}, | |
{ | |
"strings_as_keyword" : { | |
"mapping" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"match_mapping_type" : "string" | |
} | |
} | |
], | |
"date_detection" : false, | |
"properties" : { | |
"container" : { | |
"properties" : { | |
"image" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tag" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"runtime" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"labels" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"kubernetes" : { | |
"properties" : { | |
"container" : { | |
"properties" : { | |
"image" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"node" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"pod" : { | |
"properties" : { | |
"uid" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"statefulset" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"namespace" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"annotations" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"replicaset" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"labels" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"deployment" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"agent" : { | |
"properties" : { | |
"hostname" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ephemeral_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"icinga" : { | |
"properties" : { | |
"debug" : { | |
"properties" : { | |
"facility" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"startup" : { | |
"properties" : { | |
"facility" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"main" : { | |
"properties" : { | |
"facility" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"source" : { | |
"properties" : { | |
"geo" : { | |
"properties" : { | |
"continent_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"region_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"city_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"region_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"nat" : { | |
"properties" : { | |
"port" : { | |
"type" : "long" | |
}, | |
"ip" : { | |
"type" : "ip" | |
} | |
} | |
}, | |
"as" : { | |
"properties" : { | |
"number" : { | |
"type" : "long" | |
}, | |
"organization" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"service" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"domain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"user" : { | |
"properties" : { | |
"full_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"domain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"email" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"hash" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"group" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"mac" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"packets" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"icmp" : { | |
"properties" : { | |
"code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"redis" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"role" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"slowlog" : { | |
"properties" : { | |
"args" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"duration" : { | |
"properties" : { | |
"us" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"cmd" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"type" : "long" | |
}, | |
"key" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"cloud" : { | |
"properties" : { | |
"image" : { | |
"properties" : { | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"availability_zone" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"instance" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"provider" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"machine" : { | |
"properties" : { | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"project" : { | |
"properties" : { | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"region" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"account" : { | |
"properties" : { | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"observer" : { | |
"properties" : { | |
"geo" : { | |
"properties" : { | |
"region_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"continent_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"city_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"region_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"location" : { | |
"type" : "geo_point" | |
} | |
} | |
}, | |
"hostname" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"product" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"os" : { | |
"properties" : { | |
"kernel" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"family" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"platform" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"full" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"vendor" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"serial_number" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mac" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"logstash" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"module" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"log_event" : { | |
"type" : "object" | |
}, | |
"thread" : { | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"norms" : false, | |
"type" : "text" | |
} | |
}, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"slowlog" : { | |
"properties" : { | |
"took_in_millis" : { | |
"type" : "long" | |
}, | |
"plugin_params" : { | |
"ignore_above" : 1024, | |
"type" : "keyword", | |
"fields" : { | |
"text" : { | |
"norms" : false, | |
"type" : "text" | |
} | |
} | |
}, | |
"module" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"plugin_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"plugin_params_object" : { | |
"type" : "object" | |
}, | |
"thread" : { | |
"ignore_above" : 1024, | |
"type" : "keyword", | |
"fields" : { | |
"text" : { | |
"norms" : false, | |
"type" : "text" | |
} | |
} | |
}, | |
"event" : { | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"norms" : false, | |
"type" : "text" | |
} | |
}, | |
"type" : "keyword" | |
}, | |
"plugin_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"netflow" : { | |
"properties" : { | |
"information_element_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"next_header_ipv6" : { | |
"type" : "short" | |
}, | |
"class_id" : { | |
"type" : "short" | |
}, | |
"min_flow_start_milliseconds" : { | |
"type" : "date" | |
}, | |
"nat_event" : { | |
"type" : "short" | |
}, | |
"application_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"icmp_code_ipv6" : { | |
"type" : "short" | |
}, | |
"icmp_code_ipv4" : { | |
"type" : "short" | |
}, | |
"sampling_flow_spacing" : { | |
"type" : "long" | |
}, | |
"tcp_ack_total_count" : { | |
"type" : "long" | |
}, | |
"post_ip_diff_serv_code_point" : { | |
"type" : "short" | |
}, | |
"not_sent_packet_total_count" : { | |
"type" : "long" | |
}, | |
"mpls_label_stack_section10" : { | |
"type" : "short" | |
}, | |
"dropped_packet_total_count" : { | |
"type" : "long" | |
}, | |
"flow_start_sys_up_time" : { | |
"type" : "long" | |
}, | |
"mpls_label_stack_section5" : { | |
"type" : "short" | |
}, | |
"post_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"pseudo_wire_control_word" : { | |
"type" : "long" | |
}, | |
"mpls_label_stack_section4" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section3" : { | |
"type" : "short" | |
}, | |
"octet_delta_count" : { | |
"type" : "long" | |
}, | |
"mpls_label_stack_section2" : { | |
"type" : "short" | |
}, | |
"sampler_id" : { | |
"type" : "short" | |
}, | |
"initiator_octets" : { | |
"type" : "long" | |
}, | |
"dropped_octet_total_count" : { | |
"type" : "long" | |
}, | |
"mpls_label_stack_section9" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section8" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section7" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section6" : { | |
"type" : "short" | |
}, | |
"metering_process_id" : { | |
"type" : "long" | |
}, | |
"address_pool_low_threshold" : { | |
"type" : "long" | |
}, | |
"source_ipv6_prefix" : { | |
"type" : "ip" | |
}, | |
"sta_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"connection_sum_duration_seconds" : { | |
"type" : "long" | |
}, | |
"mib_module_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"http_reason_phrase" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mobile_msisdn" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mib_object_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"confidence_level" : { | |
"type" : "double" | |
}, | |
"hash_ip_payload_offset" : { | |
"type" : "long" | |
}, | |
"ignored_packet_total_count" : { | |
"type" : "long" | |
}, | |
"min_flow_start_nanoseconds" : { | |
"type" : "date" | |
}, | |
"tcp_options" : { | |
"type" : "long" | |
}, | |
"virtual_station_interface_id" : { | |
"type" : "short" | |
}, | |
"http_user_agent" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"post_ip_precedence" : { | |
"type" : "short" | |
}, | |
"sampling_size" : { | |
"type" : "long" | |
}, | |
"flow_sampling_time_spacing" : { | |
"type" : "long" | |
}, | |
"ip_version" : { | |
"type" : "short" | |
}, | |
"tcp_window_scale" : { | |
"type" : "long" | |
}, | |
"data_records_reliability" : { | |
"type" : "boolean" | |
}, | |
"ip_total_length" : { | |
"type" : "long" | |
}, | |
"post_mcast_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"src_traffic_index" : { | |
"type" : "long" | |
}, | |
"ingress_physical_interface" : { | |
"type" : "long" | |
}, | |
"layer2_octet_total_sum_of_squares" : { | |
"type" : "long" | |
}, | |
"address_port_mapping_per_user_high_threshold" : { | |
"type" : "long" | |
}, | |
"sampling_time_interval" : { | |
"type" : "long" | |
}, | |
"ip_next_hop_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"http_request_host" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"sampling_interval" : { | |
"type" : "long" | |
}, | |
"session_scope" : { | |
"type" : "short" | |
}, | |
"vr_fname" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mpls_label_stack_depth" : { | |
"type" : "long" | |
}, | |
"sampling_flow_interval" : { | |
"type" : "long" | |
}, | |
"initiator_packets" : { | |
"type" : "long" | |
}, | |
"post_nat_destination_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"destination_transport_port" : { | |
"type" : "long" | |
}, | |
"vpn_identifier" : { | |
"type" : "short" | |
}, | |
"tcp_fin_total_count" : { | |
"type" : "long" | |
}, | |
"distinct_count_of_destination_ip_address" : { | |
"type" : "long" | |
}, | |
"source_transport_ports_limit" : { | |
"type" : "long" | |
}, | |
"destination_ipv4_prefix" : { | |
"type" : "ip" | |
}, | |
"original_flows_completed" : { | |
"type" : "long" | |
}, | |
"nat_pool_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"total_length_ipv4" : { | |
"type" : "long" | |
}, | |
"data_link_frame_type" : { | |
"type" : "long" | |
}, | |
"post_ip_class_of_service" : { | |
"type" : "short" | |
}, | |
"nat_instance_id" : { | |
"type" : "long" | |
}, | |
"sampling_time_space" : { | |
"type" : "long" | |
}, | |
"application_category_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ignored_layer2_frame_total_count" : { | |
"type" : "long" | |
}, | |
"port_range_step_size" : { | |
"type" : "long" | |
}, | |
"mib_capture_time_semantics" : { | |
"type" : "short" | |
}, | |
"sampling_packet_interval" : { | |
"type" : "long" | |
}, | |
"post_mcast_packet_delta_count" : { | |
"type" : "long" | |
}, | |
"selector_id" : { | |
"type" : "long" | |
}, | |
"ipv6_extension_headers" : { | |
"type" : "long" | |
}, | |
"dropped_layer2_octet_total_count" : { | |
"type" : "long" | |
}, | |
"not_sent_flow_total_count" : { | |
"type" : "long" | |
}, | |
"mib_object_value_ip_address" : { | |
"type" : "ip" | |
}, | |
"dot1q_customer_vlan_id" : { | |
"type" : "long" | |
}, | |
"tcp_urg_total_count" : { | |
"type" : "long" | |
}, | |
"mpls_top_label_type" : { | |
"type" : "short" | |
}, | |
"rtp_sequence_number" : { | |
"type" : "long" | |
}, | |
"section_exported_octets" : { | |
"type" : "long" | |
}, | |
"dst_traffic_index" : { | |
"type" : "long" | |
}, | |
"flow_duration_microseconds" : { | |
"type" : "long" | |
}, | |
"post_octet_total_count" : { | |
"type" : "long" | |
}, | |
"tcp_header_length" : { | |
"type" : "short" | |
}, | |
"mib_object_value_unsigned" : { | |
"type" : "long" | |
}, | |
"protocol_identifier" : { | |
"type" : "short" | |
}, | |
"metro_evc_type" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section" : { | |
"type" : "short" | |
}, | |
"wlan_ssid" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"udp_destination_port" : { | |
"type" : "long" | |
}, | |
"max_fragments_pending_reassembly" : { | |
"type" : "long" | |
}, | |
"collector_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"internal_address_realm" : { | |
"type" : "short" | |
}, | |
"flow_start_delta_microseconds" : { | |
"type" : "long" | |
}, | |
"information_element_range_begin" : { | |
"type" : "long" | |
}, | |
"payload_length_ipv6" : { | |
"type" : "long" | |
}, | |
"information_element_units" : { | |
"type" : "long" | |
}, | |
"ingress_interface" : { | |
"type" : "long" | |
}, | |
"observation_domain_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mpls_top_label_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"max_session_entries" : { | |
"type" : "long" | |
}, | |
"tcp_window_size" : { | |
"type" : "long" | |
}, | |
"biflow_direction" : { | |
"type" : "short" | |
}, | |
"post_nat_destination_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"information_element_id" : { | |
"type" : "long" | |
}, | |
"bgp_source_as_number" : { | |
"type" : "long" | |
}, | |
"exporter_certificate" : { | |
"type" : "short" | |
}, | |
"sampler_mode" : { | |
"type" : "short" | |
}, | |
"flow_selected_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"sta_mac_address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"dropped_packet_delta_count" : { | |
"type" : "long" | |
}, | |
"mpls_top_label_stack_section" : { | |
"type" : "short" | |
}, | |
"nat_pool_id" : { | |
"type" : "long" | |
}, | |
"source_mac_address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ethernet_type" : { | |
"type" : "long" | |
}, | |
"multicast_replication_factor" : { | |
"type" : "long" | |
}, | |
"lower_ci_limit" : { | |
"type" : "double" | |
}, | |
"anonymization_technique" : { | |
"type" : "long" | |
}, | |
"destination_ipv6_prefix_length" : { | |
"type" : "short" | |
}, | |
"application_id" : { | |
"type" : "short" | |
}, | |
"transport_packet_delta_count" : { | |
"type" : "long" | |
}, | |
"original_exporter_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"destination_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"observation_domain_id" : { | |
"type" : "long" | |
}, | |
"digest_hash_value" : { | |
"type" : "long" | |
}, | |
"mpls_label_stack_length" : { | |
"type" : "long" | |
}, | |
"port_id" : { | |
"type" : "long" | |
}, | |
"post_layer2_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"exporter_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"dot1q_vlan_id" : { | |
"type" : "long" | |
}, | |
"hash_flow_domain" : { | |
"type" : "long" | |
}, | |
"external_address_realm" : { | |
"type" : "short" | |
}, | |
"data_link_frame_section" : { | |
"type" : "short" | |
}, | |
"egress_vrfid" : { | |
"type" : "long" | |
}, | |
"ip_diff_serv_code_point" : { | |
"type" : "short" | |
}, | |
"exported_flow_record_total_count" : { | |
"type" : "long" | |
}, | |
"original_flows_present" : { | |
"type" : "long" | |
}, | |
"application_description" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"opaque_octets" : { | |
"type" : "short" | |
}, | |
"selector_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"information_element_semantics" : { | |
"type" : "short" | |
}, | |
"export_interface" : { | |
"type" : "long" | |
}, | |
"post_source_mac_address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tcp_rst_total_count" : { | |
"type" : "long" | |
}, | |
"octet_total_sum_of_squares" : { | |
"type" : "long" | |
}, | |
"distinct_count_of_destination_ipv6_address" : { | |
"type" : "long" | |
}, | |
"hash_ip_payload_size" : { | |
"type" : "long" | |
}, | |
"classification_engine_id" : { | |
"type" : "short" | |
}, | |
"selector_id_total_pkts_observed" : { | |
"type" : "long" | |
}, | |
"information_element_description" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"selector_id_total_flows_observed" : { | |
"type" : "long" | |
}, | |
"intermediate_process_id" : { | |
"type" : "long" | |
}, | |
"flow_end_delta_microseconds" : { | |
"type" : "long" | |
}, | |
"post_mcast_octet_total_count" : { | |
"type" : "long" | |
}, | |
"flow_selector_algorithm" : { | |
"type" : "long" | |
}, | |
"delta_flow_count" : { | |
"type" : "long" | |
}, | |
"original_flows_initiated" : { | |
"type" : "long" | |
}, | |
"ingress_vrfid" : { | |
"type" : "long" | |
}, | |
"virtual_station_uuid" : { | |
"type" : "short" | |
}, | |
"gre_key" : { | |
"type" : "long" | |
}, | |
"fragment_offset" : { | |
"type" : "long" | |
}, | |
"tcp_source_port" : { | |
"type" : "long" | |
}, | |
"flow_end_seconds" : { | |
"type" : "date" | |
}, | |
"ipv4_ihl" : { | |
"type" : "short" | |
}, | |
"dot1q_priority" : { | |
"type" : "short" | |
}, | |
"source_ipv6_prefix_length" : { | |
"type" : "short" | |
}, | |
"max_entries_per_user" : { | |
"type" : "long" | |
}, | |
"post_destination_mac_address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"value_distribution_method" : { | |
"type" : "short" | |
}, | |
"mib_object_value_oid" : { | |
"type" : "short" | |
}, | |
"observed_flow_total_count" : { | |
"type" : "long" | |
}, | |
"mib_object_identifier" : { | |
"type" : "short" | |
}, | |
"mib_object_value_gauge" : { | |
"type" : "long" | |
}, | |
"post_nat_source_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"not_sent_layer2_octet_total_count" : { | |
"type" : "long" | |
}, | |
"udp_source_port" : { | |
"type" : "long" | |
}, | |
"hash_selected_range_max" : { | |
"type" : "long" | |
}, | |
"post_vlan_id" : { | |
"type" : "long" | |
}, | |
"packet_delta_count" : { | |
"type" : "long" | |
}, | |
"ipv4_router_sc" : { | |
"type" : "ip" | |
}, | |
"layer2_frame_total_count" : { | |
"type" : "long" | |
}, | |
"egress_interface_type" : { | |
"type" : "long" | |
}, | |
"bgp_next_hop_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"sampler_random_interval" : { | |
"type" : "long" | |
}, | |
"dot1q_customer_dei" : { | |
"type" : "boolean" | |
}, | |
"layer2packet_section_offset" : { | |
"type" : "long" | |
}, | |
"post_packet_delta_count" : { | |
"type" : "long" | |
}, | |
"destination_ipv4_prefix_length" : { | |
"type" : "short" | |
}, | |
"sampling_probability" : { | |
"type" : "double" | |
}, | |
"source_ipv4_prefix_length" : { | |
"type" : "short" | |
}, | |
"upper_ci_limit" : { | |
"type" : "double" | |
}, | |
"dot1q_service_instance_id" : { | |
"type" : "long" | |
}, | |
"egress_interface" : { | |
"type" : "long" | |
}, | |
"observation_point_id" : { | |
"type" : "long" | |
}, | |
"tcp_urgent_pointer" : { | |
"type" : "long" | |
}, | |
"source_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"bgp_prev_adjacent_as_number" : { | |
"type" : "long" | |
}, | |
"max_flow_end_microseconds" : { | |
"type" : "date" | |
}, | |
"export_sctp_stream_id" : { | |
"type" : "long" | |
}, | |
"selection_sequence_id" : { | |
"type" : "long" | |
}, | |
"tcp_acknowledgement_number" : { | |
"type" : "long" | |
}, | |
"encrypted_technology" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mpls_top_label_prefix_length" : { | |
"type" : "short" | |
}, | |
"selector_id_total_flows_selected" : { | |
"type" : "long" | |
}, | |
"max_flow_end_seconds" : { | |
"type" : "date" | |
}, | |
"sampler_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"octet_delta_sum_of_squares" : { | |
"type" : "long" | |
}, | |
"observation_time_seconds" : { | |
"type" : "date" | |
}, | |
"sampling_population" : { | |
"type" : "long" | |
}, | |
"tcp_sequence_number" : { | |
"type" : "long" | |
}, | |
"min_flow_start_seconds" : { | |
"type" : "date" | |
}, | |
"monitoring_interval_end_milli_seconds" : { | |
"type" : "date" | |
}, | |
"flow_start_milliseconds" : { | |
"type" : "date" | |
}, | |
"pseudo_wire_destination_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"minimum_ttl" : { | |
"type" : "short" | |
}, | |
"source_ipv4_prefix" : { | |
"type" : "ip" | |
}, | |
"wlan_channel_id" : { | |
"type" : "short" | |
}, | |
"distinct_count_of_source_ipv6_address" : { | |
"type" : "long" | |
}, | |
"post_dot1q_customer_vlan_id" : { | |
"type" : "long" | |
}, | |
"global_address_mapping_high_threshold" : { | |
"type" : "long" | |
}, | |
"new_connection_delta_count" : { | |
"type" : "long" | |
}, | |
"flow_sampling_time_interval" : { | |
"type" : "long" | |
}, | |
"mib_object_value_time_ticks" : { | |
"type" : "long" | |
}, | |
"nat_threshold_event" : { | |
"type" : "long" | |
}, | |
"ingress_interface_type" : { | |
"type" : "long" | |
}, | |
"icmp_type_code_ipv4" : { | |
"type" : "long" | |
}, | |
"post_layer2_octet_total_count" : { | |
"type" : "long" | |
}, | |
"mib_object_value_integer" : { | |
"type" : "long" | |
}, | |
"icmp_type_code_ipv6" : { | |
"type" : "long" | |
}, | |
"bgp_destination_as_number" : { | |
"type" : "long" | |
}, | |
"http_request_target" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"information_element_index" : { | |
"type" : "long" | |
}, | |
"mib_context_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"forwarding_status" : { | |
"type" : "short" | |
}, | |
"bgp_next_hop_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"mpls_top_label_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"fragment_identification" : { | |
"type" : "long" | |
}, | |
"user_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"port_range_num_ports" : { | |
"type" : "long" | |
}, | |
"hash_selected_range_min" : { | |
"type" : "long" | |
}, | |
"exporter" : { | |
"properties" : { | |
"uptime_millis" : { | |
"type" : "long" | |
}, | |
"address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"source_id" : { | |
"type" : "long" | |
}, | |
"version" : { | |
"type" : "long" | |
}, | |
"timestamp" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"hash_output_range_min" : { | |
"type" : "long" | |
}, | |
"http_content_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"selector_algorithm" : { | |
"type" : "long" | |
}, | |
"address_port_mapping_high_threshold" : { | |
"type" : "long" | |
}, | |
"flow_start_seconds" : { | |
"type" : "date" | |
}, | |
"mobile_imsi" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"nat_originating_address_realm" : { | |
"type" : "short" | |
}, | |
"tcp_destination_port" : { | |
"type" : "long" | |
}, | |
"class_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"application_sub_category_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"responder_octets" : { | |
"type" : "long" | |
}, | |
"not_sent_octet_total_count" : { | |
"type" : "long" | |
}, | |
"layer2_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"information_element_data_type" : { | |
"type" : "short" | |
}, | |
"hash_initialiser_value" : { | |
"type" : "long" | |
}, | |
"flow_start_nanoseconds" : { | |
"type" : "date" | |
}, | |
"bgp_validity_state" : { | |
"type" : "short" | |
}, | |
"engine_type" : { | |
"type" : "short" | |
}, | |
"flow_direction" : { | |
"type" : "short" | |
}, | |
"dot1q_customer_source_mac_address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"wtp_mac_address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mpls_payload_length" : { | |
"type" : "long" | |
}, | |
"template_id" : { | |
"type" : "long" | |
}, | |
"dot1q_customer_destination_mac_address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"pseudo_wire_type" : { | |
"type" : "long" | |
}, | |
"interface_description" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"pseudo_wire_id" : { | |
"type" : "long" | |
}, | |
"vlan_id" : { | |
"type" : "long" | |
}, | |
"hash_digest_output" : { | |
"type" : "boolean" | |
}, | |
"responder_packets" : { | |
"type" : "long" | |
}, | |
"ethernet_payload_length" : { | |
"type" : "long" | |
}, | |
"collector_certificate" : { | |
"type" : "short" | |
}, | |
"tcp_control_bits" : { | |
"type" : "long" | |
}, | |
"mpls_payload_packet_section" : { | |
"type" : "short" | |
}, | |
"anonymization_flags" : { | |
"type" : "long" | |
}, | |
"ingress_unicast_packet_total_count" : { | |
"type" : "long" | |
}, | |
"address_pool_high_threshold" : { | |
"type" : "long" | |
}, | |
"information_element_range_end" : { | |
"type" : "long" | |
}, | |
"observation_point_type" : { | |
"type" : "short" | |
}, | |
"ip_payload_packet_section" : { | |
"type" : "short" | |
}, | |
"http_status_code" : { | |
"type" : "long" | |
}, | |
"bgp_next_adjacent_as_number" : { | |
"type" : "long" | |
}, | |
"dropped_layer2_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"destination_ipv6_prefix" : { | |
"type" : "ip" | |
}, | |
"common_properties_id" : { | |
"type" : "long" | |
}, | |
"maximum_ip_total_length" : { | |
"type" : "long" | |
}, | |
"exporter_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"ip_class_of_service" : { | |
"type" : "short" | |
}, | |
"rfc3550_jitter_nanoseconds" : { | |
"type" : "long" | |
}, | |
"distinct_count_of_source_ip_address" : { | |
"type" : "long" | |
}, | |
"http_request_method" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"original_observation_domain_id" : { | |
"type" : "long" | |
}, | |
"is_multicast" : { | |
"type" : "short" | |
}, | |
"mib_object_value_counter" : { | |
"type" : "long" | |
}, | |
"mib_object_value_bits" : { | |
"type" : "short" | |
}, | |
"ip_header_packet_section" : { | |
"type" : "short" | |
}, | |
"post_mcast_layer2_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"tunnel_technology" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ingress_multicast_packet_total_count" : { | |
"type" : "long" | |
}, | |
"flow_idle_timeout" : { | |
"type" : "long" | |
}, | |
"exported_message_total_count" : { | |
"type" : "long" | |
}, | |
"minimum_ip_total_length" : { | |
"type" : "long" | |
}, | |
"max_export_seconds" : { | |
"type" : "date" | |
}, | |
"flow_end_nanoseconds" : { | |
"type" : "date" | |
}, | |
"layer2_segment_id" : { | |
"type" : "long" | |
}, | |
"ip_next_hop_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"post_mcast_layer2_octet_total_count" : { | |
"type" : "long" | |
}, | |
"egress_physical_interface" : { | |
"type" : "long" | |
}, | |
"tcp_psh_total_count" : { | |
"type" : "long" | |
}, | |
"mib_index_indicator" : { | |
"type" : "long" | |
}, | |
"nat_type" : { | |
"type" : "short" | |
}, | |
"udp_message_length" : { | |
"type" : "long" | |
}, | |
"monitoring_interval_start_milli_seconds" : { | |
"type" : "date" | |
}, | |
"layer2packet_section_size" : { | |
"type" : "long" | |
}, | |
"port_range_start" : { | |
"type" : "long" | |
}, | |
"exported_octet_total_count" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"source_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"post_napt_source_transport_port" : { | |
"type" : "long" | |
}, | |
"collector_transport_port" : { | |
"type" : "long" | |
}, | |
"post_dot1q_vlan_id" : { | |
"type" : "long" | |
}, | |
"observation_time_nanoseconds" : { | |
"type" : "date" | |
}, | |
"firewall_event" : { | |
"type" : "short" | |
}, | |
"dropped_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"octet_total_count" : { | |
"type" : "long" | |
}, | |
"http_message_version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"flow_selected_packet_delta_count" : { | |
"type" : "long" | |
}, | |
"post_mcast_packet_total_count" : { | |
"type" : "long" | |
}, | |
"flow_active_timeout" : { | |
"type" : "long" | |
}, | |
"maximum_ttl" : { | |
"type" : "short" | |
}, | |
"dot1q_customer_priority" : { | |
"type" : "short" | |
}, | |
"metro_evc_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"igmp_type" : { | |
"type" : "short" | |
}, | |
"destination_mac_address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"flow_end_sys_up_time" : { | |
"type" : "long" | |
}, | |
"source_transport_port" : { | |
"type" : "long" | |
}, | |
"relative_error" : { | |
"type" : "double" | |
}, | |
"post_nat_source_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"mib_object_value_octet_string" : { | |
"type" : "short" | |
}, | |
"export_protocol_version" : { | |
"type" : "short" | |
}, | |
"exporting_process_id" : { | |
"type" : "long" | |
}, | |
"hash_output_range_max" : { | |
"type" : "long" | |
}, | |
"max_subscribers" : { | |
"type" : "long" | |
}, | |
"dot1q_service_instance_priority" : { | |
"type" : "short" | |
}, | |
"ip_header_length" : { | |
"type" : "short" | |
}, | |
"sampling_algorithm" : { | |
"type" : "short" | |
}, | |
"ingress_broadcast_packet_total_count" : { | |
"type" : "long" | |
}, | |
"min_flow_start_microseconds" : { | |
"type" : "date" | |
}, | |
"ip_ttl" : { | |
"type" : "short" | |
}, | |
"layer2_octet_total_count" : { | |
"type" : "long" | |
}, | |
"mib_object_syntax" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"data_link_frame_size" : { | |
"type" : "long" | |
}, | |
"ignored_layer2_octet_total_count" : { | |
"type" : "long" | |
}, | |
"private_enterprise_number" : { | |
"type" : "long" | |
}, | |
"flow_start_microseconds" : { | |
"type" : "date" | |
}, | |
"address_port_mapping_low_threshold" : { | |
"type" : "long" | |
}, | |
"collector_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"max_flow_end_milliseconds" : { | |
"type" : "date" | |
}, | |
"absolute_error" : { | |
"type" : "double" | |
}, | |
"observation_time_microseconds" : { | |
"type" : "date" | |
}, | |
"minimum_layer2_total_length" : { | |
"type" : "long" | |
}, | |
"padding_octets" : { | |
"type" : "short" | |
}, | |
"ethernet_total_length" : { | |
"type" : "long" | |
}, | |
"flow_end_microseconds" : { | |
"type" : "date" | |
}, | |
"layer2_octet_delta_sum_of_squares" : { | |
"type" : "long" | |
}, | |
"application_group_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"dot1q_dei" : { | |
"type" : "boolean" | |
}, | |
"mpls_top_label_exp" : { | |
"type" : "short" | |
}, | |
"virtual_station_interface_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ipv4_options" : { | |
"type" : "long" | |
}, | |
"fragment_flags" : { | |
"type" : "short" | |
}, | |
"destination_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"system_init_time_milliseconds" : { | |
"type" : "date" | |
}, | |
"message_scope" : { | |
"type" : "short" | |
}, | |
"connection_transaction_id" : { | |
"type" : "long" | |
}, | |
"ip_payload_length" : { | |
"type" : "long" | |
}, | |
"dot1q_service_instance_tag" : { | |
"type" : "short" | |
}, | |
"flow_end_reason" : { | |
"type" : "short" | |
}, | |
"selector_id_total_pkts_selected" : { | |
"type" : "long" | |
}, | |
"flow_duration_milliseconds" : { | |
"type" : "long" | |
}, | |
"original_exporter_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"virtual_station_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"port_range_end" : { | |
"type" : "long" | |
}, | |
"flow_id" : { | |
"type" : "long" | |
}, | |
"post_mpls_top_label_exp" : { | |
"type" : "short" | |
}, | |
"ignored_data_record_total_count" : { | |
"type" : "long" | |
}, | |
"flow_selected_flow_delta_count" : { | |
"type" : "long" | |
}, | |
"tcp_syn_total_count" : { | |
"type" : "long" | |
}, | |
"ip_sec_spi" : { | |
"type" : "long" | |
}, | |
"export_transport_protocol" : { | |
"type" : "short" | |
}, | |
"rfc3550_jitter_milliseconds" : { | |
"type" : "long" | |
}, | |
"post_napt_destination_transport_port" : { | |
"type" : "long" | |
}, | |
"max_bib_entries" : { | |
"type" : "long" | |
}, | |
"maximum_layer2_total_length" : { | |
"type" : "long" | |
}, | |
"layer2packet_section_data" : { | |
"type" : "short" | |
}, | |
"egress_broadcast_packet_total_count" : { | |
"type" : "long" | |
}, | |
"transport_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"rfc3550_jitter_microseconds" : { | |
"type" : "long" | |
}, | |
"line_card_id" : { | |
"type" : "long" | |
}, | |
"layer2_frame_delta_count" : { | |
"type" : "long" | |
}, | |
"ethernet_header_length" : { | |
"type" : "short" | |
}, | |
"flow_key_indicator" : { | |
"type" : "long" | |
}, | |
"interface_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mpls_vpn_route_distinguisher" : { | |
"type" : "short" | |
}, | |
"icmp_type_ipv4" : { | |
"type" : "short" | |
}, | |
"message_md5_checksum" : { | |
"type" : "short" | |
}, | |
"icmp_type_ipv6" : { | |
"type" : "short" | |
}, | |
"flags_and_sampler_id" : { | |
"type" : "long" | |
}, | |
"distinct_count_of_source_ipv4_address" : { | |
"type" : "long" | |
}, | |
"packet_total_count" : { | |
"type" : "long" | |
}, | |
"mib_context_engine_id" : { | |
"type" : "short" | |
}, | |
"mib_sub_identifier" : { | |
"type" : "long" | |
}, | |
"post_packet_total_count" : { | |
"type" : "long" | |
}, | |
"sampling_packet_space" : { | |
"type" : "long" | |
}, | |
"p2p_technology" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"egress_unicast_packet_total_count" : { | |
"type" : "long" | |
}, | |
"min_export_seconds" : { | |
"type" : "date" | |
}, | |
"exporter_transport_port" : { | |
"type" : "long" | |
}, | |
"distinct_count_of_destination_ipv4_address" : { | |
"type" : "long" | |
}, | |
"ignored_octet_total_count" : { | |
"type" : "long" | |
}, | |
"flow_label_ipv6" : { | |
"type" : "long" | |
}, | |
"observation_time_milliseconds" : { | |
"type" : "date" | |
}, | |
"nat_quota_exceeded_event" : { | |
"type" : "long" | |
}, | |
"max_flow_end_nanoseconds" : { | |
"type" : "date" | |
}, | |
"mpls_top_label_ttl" : { | |
"type" : "short" | |
}, | |
"mib_object_description" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"engine_id" : { | |
"type" : "short" | |
}, | |
"section_offset" : { | |
"type" : "long" | |
}, | |
"ip_precedence" : { | |
"type" : "short" | |
}, | |
"flow_end_milliseconds" : { | |
"type" : "date" | |
}, | |
"collection_time_milliseconds" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"apache" : { | |
"properties" : { | |
"access" : { | |
"properties" : { | |
"ssl" : { | |
"properties" : { | |
"cipher" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"protocol" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"error" : { | |
"properties" : { | |
"module" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"ecs" : { | |
"properties" : { | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"timeseries" : { | |
"properties" : { | |
"instance" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"elasticsearch" : { | |
"properties" : { | |
"cluster" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"uuid" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"server" : { | |
"properties" : { | |
"stacktrace" : { | |
"ignore_above" : 1024, | |
"index" : false, | |
"type" : "keyword" | |
}, | |
"gc" : { | |
"properties" : { | |
"overhead_seq" : { | |
"type" : "long" | |
}, | |
"young" : { | |
"properties" : { | |
"one" : { | |
"type" : "long" | |
}, | |
"two" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"observation_duration" : { | |
"properties" : { | |
"ms" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"collection_duration" : { | |
"properties" : { | |
"ms" : { | |
"type" : "float" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"node" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"component" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"audit" : { | |
"properties" : { | |
"request" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"indices" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"event_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"origin" : { | |
"properties" : { | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"action" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"realm" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"message" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"user" : { | |
"properties" : { | |
"roles" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"realm" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"url" : { | |
"properties" : { | |
"params" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"layer" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"slowlog" : { | |
"properties" : { | |
"total_shards" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"took" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"types" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"logger" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"source" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"search_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"routing" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"source_query" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"total_hits" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"stats" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"extra_source" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"index" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"shard" : { | |
"properties" : { | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"gc" : { | |
"properties" : { | |
"phase" : { | |
"properties" : { | |
"cpu_time" : { | |
"properties" : { | |
"real_sec" : { | |
"type" : "float" | |
}, | |
"sys_sec" : { | |
"type" : "float" | |
}, | |
"user_sec" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"scrub_symbol_table_time_sec" : { | |
"type" : "float" | |
}, | |
"scrub_string_table_time_sec" : { | |
"type" : "float" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"weak_refs_processing_time_sec" : { | |
"type" : "float" | |
}, | |
"parallel_rescan_time_sec" : { | |
"type" : "float" | |
}, | |
"duration_sec" : { | |
"type" : "float" | |
}, | |
"class_unload_time_sec" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"jvm_runtime_sec" : { | |
"type" : "float" | |
}, | |
"stopping_threads_time_sec" : { | |
"type" : "float" | |
}, | |
"old_gen" : { | |
"properties" : { | |
"size_kb" : { | |
"type" : "long" | |
}, | |
"used_kb" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"young_gen" : { | |
"properties" : { | |
"size_kb" : { | |
"type" : "long" | |
}, | |
"used_kb" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"threads_total_stop_time_sec" : { | |
"type" : "float" | |
}, | |
"heap" : { | |
"properties" : { | |
"size_kb" : { | |
"type" : "long" | |
}, | |
"used_kb" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tags" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"deprecation" : { | |
"properties" : { } | |
} | |
} | |
}, | |
"host" : { | |
"properties" : { | |
"geo" : { | |
"properties" : { | |
"region_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"continent_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"city_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"region_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"hostname" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"os" : { | |
"properties" : { | |
"build" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"kernel" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"codename" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"family" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"platform" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"full" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"containerized" : { | |
"type" : "boolean" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"user" : { | |
"properties" : { | |
"full_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"domain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"hash" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"email" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"group" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"mac" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"uptime" : { | |
"type" : "long" | |
}, | |
"architecture" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"mysql" : { | |
"properties" : { | |
"thread_id" : { | |
"type" : "long" | |
}, | |
"slowlog" : { | |
"properties" : { | |
"schema" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tmp_table_sizes" : { | |
"type" : "long" | |
}, | |
"read_rnd_next" : { | |
"type" : "long" | |
}, | |
"read_last" : { | |
"type" : "long" | |
}, | |
"rows_examined" : { | |
"type" : "long" | |
}, | |
"bytes_received" : { | |
"type" : "long" | |
}, | |
"sort_merge_passes" : { | |
"type" : "long" | |
}, | |
"innodb" : { | |
"properties" : { | |
"trx_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"io_r_ops" : { | |
"type" : "long" | |
}, | |
"io_r_wait" : { | |
"properties" : { | |
"sec" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"io_r_bytes" : { | |
"type" : "long" | |
}, | |
"rec_lock_wait" : { | |
"properties" : { | |
"sec" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"queue_wait" : { | |
"properties" : { | |
"sec" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"pages_distinct" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tmp_disk_tables" : { | |
"type" : "long" | |
}, | |
"sort_range_count" : { | |
"type" : "long" | |
}, | |
"sort_rows" : { | |
"type" : "long" | |
}, | |
"filesort_on_disk" : { | |
"type" : "boolean" | |
}, | |
"tmp_tables" : { | |
"type" : "long" | |
}, | |
"read_prev" : { | |
"type" : "long" | |
}, | |
"full_join" : { | |
"type" : "boolean" | |
}, | |
"current_user" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"log_slow_rate_limit" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"log_slow_rate_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"read_next" : { | |
"type" : "long" | |
}, | |
"priority_queue" : { | |
"type" : "boolean" | |
}, | |
"read_first" : { | |
"type" : "long" | |
}, | |
"full_scan" : { | |
"type" : "boolean" | |
}, | |
"sort_scan_count" : { | |
"type" : "long" | |
}, | |
"query" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"merge_passes" : { | |
"type" : "long" | |
}, | |
"filesort" : { | |
"type" : "boolean" | |
}, | |
"killed" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"bytes_sent" : { | |
"type" : "long" | |
}, | |
"tmp_table" : { | |
"type" : "boolean" | |
}, | |
"read_rnd" : { | |
"type" : "long" | |
}, | |
"lock_time" : { | |
"properties" : { | |
"sec" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"rows_sent" : { | |
"type" : "long" | |
}, | |
"rows_affected" : { | |
"type" : "long" | |
}, | |
"last_errno" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"read_key" : { | |
"type" : "long" | |
}, | |
"query_cache_hit" : { | |
"type" : "boolean" | |
}, | |
"tmp_table_on_disk" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"error" : { | |
"properties" : { } | |
} | |
} | |
}, | |
"kibana" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"meta" : { | |
"type" : "object" | |
}, | |
"state" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tags" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"group" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"azure" : { | |
"properties" : { | |
"subscription_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tenant_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"auditlogs" : { | |
"properties" : { | |
"tenant_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"operation_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"operation_version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"result_signature" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"properties" : { | |
"properties" : { | |
"initiated_by" : { | |
"properties" : { | |
"app" : { | |
"properties" : { | |
"servicePrincipalName" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"displayName" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"appId" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"servicePrincipalId" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"user" : { | |
"properties" : { | |
"displayName" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ipAddress" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"userPrincipalName" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"logged_by_service" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"result" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"activity_display_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"operation_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"correlation_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"activityDateTime" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"target_resources" : { | |
"properties" : { | |
"user_principal_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"modified_properties" : { | |
"properties" : { | |
"newValue" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"displayName" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"oldValue" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ip_address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"display_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"category" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"result_reason" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"signinlogs" : { | |
"properties" : { | |
"operation_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tenant_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"operation_version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"identity" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"result_signature" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"properties" : { | |
"properties" : { | |
"risk_level_aggregated" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"client_app_used" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"is_interactive" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"service_principal_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"created_at" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"app_display_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"risk_level_during_signin" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ip_address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"device_detail" : { | |
"properties" : { | |
"device_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"browser" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"operating_system" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"trust_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"display_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"risk_detail" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"token_issuer_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"resource_display_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"risk_state" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"user_principal_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"token_issuer_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"processing_time_ms" : { | |
"type" : "float" | |
}, | |
"original_request_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"user_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"conditional_access_status" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"correlation_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"app_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"user_display_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"status" : { | |
"properties" : { | |
"additional_details" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"error_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"resource" : { | |
"properties" : { | |
"provider" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"namespace" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"group" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"correlation_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"activitylogs" : { | |
"properties" : { | |
"operation_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"identity" : { | |
"properties" : { | |
"authorization" : { | |
"properties" : { | |
"evidence" : { | |
"properties" : { | |
"role_definition_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"role" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"role_assignment_scope" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"role_assignment_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"principal_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"principal_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"scope" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"action" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"claims_initiated_by_user" : { | |
"properties" : { | |
"schema" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"givenname" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"surname" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"fullname" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"result_signature" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"properties" : { | |
"properties" : { | |
"status_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"service_request_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"tracing" : { | |
"properties" : { | |
"trace" : { | |
"properties" : { | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"transaction" : { | |
"properties" : { | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"nginx" : { | |
"properties" : { | |
"access" : { | |
"properties" : { | |
"geoip" : { | |
"properties" : { } | |
}, | |
"user_agent" : { | |
"properties" : { } | |
} | |
} | |
}, | |
"error" : { | |
"properties" : { | |
"connection_id" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"bucket_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"dns" : { | |
"properties" : { | |
"op_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"resolved_ip" : { | |
"type" : "ip" | |
}, | |
"response_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"question" : { | |
"properties" : { | |
"registered_domain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"class" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"answers" : { | |
"type" : "object", | |
"properties" : { | |
"data" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ttl" : { | |
"type" : "long" | |
}, | |
"class" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"header_flags" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"zeek" : { | |
"properties" : { | |
"dns" : { | |
"properties" : { | |
"AA" : { | |
"type" : "boolean" | |
}, | |
"TTLs" : { | |
"type" : "double" | |
}, | |
"qclass_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"qtype_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"qtype" : { | |
"type" : "long" | |
}, | |
"rejected" : { | |
"type" : "boolean" | |
}, | |
"query" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"total_replies" : { | |
"type" : "long" | |
}, | |
"answers" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"rcode" : { | |
"type" : "long" | |
}, | |
"trans_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"rcode_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"TC" : { | |
"type" : "boolean" | |
}, | |
"RA" : { | |
"type" : "boolean" | |
}, | |
"saw_query" : { | |
"type" : "boolean" | |
}, | |
"RD" : { | |
"type" : "boolean" | |
}, | |
"rtt" : { | |
"type" : "double" | |
}, | |
"saw_reply" : { | |
"type" : "boolean" | |
}, | |
"total_answers" : { | |
"type" : "long" | |
}, | |
"qclass" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"http" : { | |
"properties" : { | |
"orig_mime_depth" : { | |
"type" : "long" | |
}, | |
"server_header_names" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"resp_mime_depth" : { | |
"type" : "long" | |
}, | |
"proxied" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"orig_mime_types" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tags" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"info_msg" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"resp_mime_types" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"client_header_names" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"trans_depth" : { | |
"type" : "long" | |
}, | |
"password" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"orig_filenames" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"orig_fuids" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"range_request" : { | |
"type" : "boolean" | |
}, | |
"captured_password" : { | |
"type" : "boolean" | |
}, | |
"status_msg" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"resp_filenames" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"info_code" : { | |
"type" : "long" | |
}, | |
"resp_fuids" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"files" : { | |
"properties" : { | |
"timedout" : { | |
"type" : "boolean" | |
}, | |
"sha256" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tx_host" : { | |
"type" : "ip" | |
}, | |
"source" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"extracted" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"duration" : { | |
"type" : "double" | |
}, | |
"entropy" : { | |
"type" : "double" | |
}, | |
"analyzers" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"total_bytes" : { | |
"type" : "long" | |
}, | |
"fuid" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"seen_bytes" : { | |
"type" : "long" | |
}, | |
"missing_bytes" : { | |
"type" : "long" | |
}, | |
"session_ids" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"parent_fuid" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"local_orig" : { | |
"type" : "boolean" | |
}, | |
"is_orig" : { | |
"type" : "boolean" | |
}, | |
"extracted_cutoff" : { | |
"type" : "boolean" | |
}, | |
"overflow_bytes" : { | |
"type" : "long" | |
}, | |
"sha1" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"filename" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"depth" : { | |
"type" : "long" | |
}, | |
"mime_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"rx_host" : { | |
"type" : "ip" | |
}, | |
"md5" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"extracted_size" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"session_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"connection" : { | |
"properties" : { | |
"local_resp" : { | |
"type" : "boolean" | |
}, | |
"resp_l2_addr" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"vlan" : { | |
"type" : "long" | |
}, | |
"inner_vlan" : { | |
"type" : "long" | |
}, | |
"local_orig" : { | |
"type" : "boolean" | |
}, | |
"missed_bytes" : { | |
"type" : "long" | |
}, | |
"state" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"history" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"orig_l2_addr" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"ssl" : { | |
"properties" : { | |
"established" : { | |
"type" : "boolean" | |
}, | |
"cipher" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"server_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"client_cert_chain_fuids" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"curve" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"subject" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"cert_chain_fuids" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"next_protocol" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"issuer" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"client_subject" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"client_issuer" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"cert_chain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"client_cert_chain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"last_alert" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"validation_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"validation_status" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"resumed" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"fnotice" : { | |
"properties" : { | |
"file" : { | |
"properties" : { | |
"total_bytes" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"notice" : { | |
"properties" : { | |
"msg" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"suppress_for" : { | |
"type" : "double" | |
}, | |
"note" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"identifier" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"sub" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"email_delay_tokens" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"dropped" : { | |
"type" : "boolean" | |
}, | |
"n" : { | |
"type" : "long" | |
}, | |
"email_body_sections" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"peer_descr" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"icmp_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"file" : { | |
"properties" : { | |
"mime_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"parent_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"source" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"is_orig" : { | |
"type" : "boolean" | |
}, | |
"seen_bytes" : { | |
"type" : "long" | |
}, | |
"missing_bytes" : { | |
"type" : "long" | |
}, | |
"overflow_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"connection_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"fuid" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"peer_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"actions" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"tags" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"labels" : { | |
"type" : "object" | |
}, | |
"input" : { | |
"properties" : { | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"as" : { | |
"properties" : { | |
"number" : { | |
"type" : "long" | |
}, | |
"organization" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"system" : { | |
"properties" : { | |
"auth" : { | |
"properties" : { | |
"ssh" : { | |
"properties" : { | |
"geoip" : { | |
"properties" : { } | |
}, | |
"dropped_ip" : { | |
"type" : "ip" | |
}, | |
"method" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"signature" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"event" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"sudo" : { | |
"properties" : { | |
"tty" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"error" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"pwd" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"user" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"command" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"useradd" : { | |
"properties" : { | |
"shell" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"home" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"groupadd" : { | |
"properties" : { } | |
} | |
} | |
}, | |
"syslog" : { | |
"properties" : { } | |
} | |
} | |
}, | |
"kafka" : { | |
"properties" : { | |
"partition" : { | |
"type" : "long" | |
}, | |
"offset" : { | |
"type" : "long" | |
}, | |
"log" : { | |
"properties" : { | |
"component" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"trace" : { | |
"properties" : { | |
"message" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"class" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"class" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"block_timestamp" : { | |
"type" : "date" | |
}, | |
"topic" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"key" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"http" : { | |
"properties" : { | |
"request" : { | |
"properties" : { | |
"referrer" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"method" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"body" : { | |
"properties" : { | |
"bytes" : { | |
"type" : "long" | |
}, | |
"content" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"response" : { | |
"properties" : { | |
"status_code" : { | |
"type" : "long" | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"body" : { | |
"properties" : { | |
"bytes" : { | |
"type" : "long" | |
}, | |
"content" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"suricata" : { | |
"properties" : { | |
"eve" : { | |
"properties" : { | |
"icmp_type" : { | |
"type" : "long" | |
}, | |
"flags" : { | |
"properties" : { } | |
}, | |
"ssh" : { | |
"properties" : { | |
"server" : { | |
"properties" : { | |
"proto_version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"software_version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"client" : { | |
"properties" : { | |
"proto_version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"software_version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"app_proto_orig" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"src_ip" : { | |
"path" : "source.ip", | |
"type" : "alias" | |
}, | |
"event_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"alert" : { | |
"properties" : { | |
"severity" : { | |
"path" : "event.severity", | |
"type" : "alias" | |
}, | |
"rev" : { | |
"type" : "long" | |
}, | |
"signature_id" : { | |
"type" : "long" | |
}, | |
"gid" : { | |
"type" : "long" | |
}, | |
"signature" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"action" : { | |
"path" : "event.outcome", | |
"type" : "alias" | |
}, | |
"category" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"stats" : { | |
"properties" : { | |
"defrag" : { | |
"properties" : { | |
"max_frag_hits" : { | |
"type" : "long" | |
}, | |
"ipv4" : { | |
"properties" : { | |
"reassembled" : { | |
"type" : "long" | |
}, | |
"timeouts" : { | |
"type" : "long" | |
}, | |
"fragments" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"ipv6" : { | |
"properties" : { | |
"reassembled" : { | |
"type" : "long" | |
}, | |
"timeouts" : { | |
"type" : "long" | |
}, | |
"fragments" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"tcp" : { | |
"properties" : { | |
"invalid_checksum" : { | |
"type" : "long" | |
}, | |
"insert_data_overlap_fail" : { | |
"type" : "long" | |
}, | |
"ssn_memcap_drop" : { | |
"type" : "long" | |
}, | |
"sessions" : { | |
"type" : "long" | |
}, | |
"overlap_diff_data" : { | |
"type" : "long" | |
}, | |
"stream_depth_reached" : { | |
"type" : "long" | |
}, | |
"syn" : { | |
"type" : "long" | |
}, | |
"segment_memcap_drop" : { | |
"type" : "long" | |
}, | |
"no_flow" : { | |
"type" : "long" | |
}, | |
"memuse" : { | |
"type" : "long" | |
}, | |
"pseudo_failed" : { | |
"type" : "long" | |
}, | |
"rst" : { | |
"type" : "long" | |
}, | |
"reassembly_gap" : { | |
"type" : "long" | |
}, | |
"overlap" : { | |
"type" : "long" | |
}, | |
"insert_list_fail" : { | |
"type" : "long" | |
}, | |
"synack" : { | |
"type" : "long" | |
}, | |
"reassembly_memuse" : { | |
"type" : "long" | |
}, | |
"pseudo" : { | |
"type" : "long" | |
}, | |
"insert_data_normal_fail" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"app_layer" : { | |
"properties" : { | |
"tx" : { | |
"properties" : { | |
"dcerpc_udp" : { | |
"type" : "long" | |
}, | |
"dcerpc_tcp" : { | |
"type" : "long" | |
}, | |
"ftp" : { | |
"type" : "long" | |
}, | |
"smtp" : { | |
"type" : "long" | |
}, | |
"http" : { | |
"type" : "long" | |
}, | |
"smb" : { | |
"type" : "long" | |
}, | |
"ssh" : { | |
"type" : "long" | |
}, | |
"tls" : { | |
"type" : "long" | |
}, | |
"dns_tcp" : { | |
"type" : "long" | |
}, | |
"dns_udp" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"flow" : { | |
"properties" : { | |
"imap" : { | |
"type" : "long" | |
}, | |
"dcerpc_tcp" : { | |
"type" : "long" | |
}, | |
"dcerpc_udp" : { | |
"type" : "long" | |
}, | |
"ftp" : { | |
"type" : "long" | |
}, | |
"smtp" : { | |
"type" : "long" | |
}, | |
"msn" : { | |
"type" : "long" | |
}, | |
"smb" : { | |
"type" : "long" | |
}, | |
"ssh" : { | |
"type" : "long" | |
}, | |
"failed_udp" : { | |
"type" : "long" | |
}, | |
"failed_tcp" : { | |
"type" : "long" | |
}, | |
"dns_tcp" : { | |
"type" : "long" | |
}, | |
"dns_udp" : { | |
"type" : "long" | |
}, | |
"http" : { | |
"type" : "long" | |
}, | |
"tls" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"dns" : { | |
"properties" : { | |
"memuse" : { | |
"type" : "long" | |
}, | |
"memcap_state" : { | |
"type" : "long" | |
}, | |
"memcap_global" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"detect" : { | |
"properties" : { | |
"alert" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"capture" : { | |
"properties" : { | |
"kernel_drops" : { | |
"type" : "long" | |
}, | |
"kernel_ifdrops" : { | |
"type" : "long" | |
}, | |
"kernel_packets" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"http" : { | |
"properties" : { | |
"memuse" : { | |
"type" : "long" | |
}, | |
"memcap" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"flow_mgr" : { | |
"properties" : { | |
"bypassed_pruned" : { | |
"type" : "long" | |
}, | |
"closed_pruned" : { | |
"type" : "long" | |
}, | |
"rows_empty" : { | |
"type" : "long" | |
}, | |
"flows_notimeout" : { | |
"type" : "long" | |
}, | |
"rows_maxlen" : { | |
"type" : "long" | |
}, | |
"flows_timeout_inuse" : { | |
"type" : "long" | |
}, | |
"flows_checked" : { | |
"type" : "long" | |
}, | |
"flows_removed" : { | |
"type" : "long" | |
}, | |
"rows_checked" : { | |
"type" : "long" | |
}, | |
"flows_timeout" : { | |
"type" : "long" | |
}, | |
"rows_busy" : { | |
"type" : "long" | |
}, | |
"est_pruned" : { | |
"type" : "long" | |
}, | |
"new_pruned" : { | |
"type" : "long" | |
}, | |
"rows_skipped" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"decoder" : { | |
"properties" : { | |
"udp" : { | |
"type" : "long" | |
}, | |
"dce" : { | |
"properties" : { | |
"pkt_too_small" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"ieee8021ah" : { | |
"type" : "long" | |
}, | |
"pkts" : { | |
"type" : "long" | |
}, | |
"ipv4" : { | |
"type" : "long" | |
}, | |
"vlan" : { | |
"type" : "long" | |
}, | |
"ipv6" : { | |
"type" : "long" | |
}, | |
"pppoe" : { | |
"type" : "long" | |
}, | |
"teredo" : { | |
"type" : "long" | |
}, | |
"mpls" : { | |
"type" : "long" | |
}, | |
"gre" : { | |
"type" : "long" | |
}, | |
"max_pkt_size" : { | |
"type" : "long" | |
}, | |
"vlan_qinq" : { | |
"type" : "long" | |
}, | |
"ipraw" : { | |
"properties" : { | |
"invalid_ip_version" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tcp" : { | |
"type" : "long" | |
}, | |
"erspan" : { | |
"type" : "long" | |
}, | |
"icmpv4" : { | |
"type" : "long" | |
}, | |
"raw" : { | |
"type" : "long" | |
}, | |
"ipv4_in_ipv6" : { | |
"type" : "long" | |
}, | |
"icmpv6" : { | |
"type" : "long" | |
}, | |
"ltnull" : { | |
"properties" : { | |
"unsupported_type" : { | |
"type" : "long" | |
}, | |
"pkt_too_small" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"ppp" : { | |
"type" : "long" | |
}, | |
"ethernet" : { | |
"type" : "long" | |
}, | |
"sll" : { | |
"type" : "long" | |
}, | |
"null" : { | |
"type" : "long" | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"avg_pkt_size" : { | |
"type" : "long" | |
}, | |
"invalid" : { | |
"type" : "long" | |
}, | |
"sctp" : { | |
"type" : "long" | |
}, | |
"ipv6_in_ipv6" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"flow" : { | |
"properties" : { | |
"udp" : { | |
"type" : "long" | |
}, | |
"emerg_mode_entered" : { | |
"type" : "long" | |
}, | |
"memuse" : { | |
"type" : "long" | |
}, | |
"tcp" : { | |
"type" : "long" | |
}, | |
"tcp_reuse" : { | |
"type" : "long" | |
}, | |
"icmpv4" : { | |
"type" : "long" | |
}, | |
"emerg_mode_over" : { | |
"type" : "long" | |
}, | |
"icmpv6" : { | |
"type" : "long" | |
}, | |
"memcap" : { | |
"type" : "long" | |
}, | |
"spare" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"file_store" : { | |
"properties" : { | |
"open_files" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"uptime" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"flow_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"fileinfo" : { | |
"properties" : { | |
"sha1" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"filename" : { | |
"path" : "file.path", | |
"type" : "alias" | |
}, | |
"size" : { | |
"path" : "file.size", | |
"type" : "alias" | |
}, | |
"sha256" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"stored" : { | |
"type" : "boolean" | |
}, | |
"state" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tx_id" : { | |
"type" : "long" | |
}, | |
"gaps" : { | |
"type" : "boolean" | |
}, | |
"md5" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"icmp_code" : { | |
"type" : "long" | |
}, | |
"dest_port" : { | |
"path" : "destination.port", | |
"type" : "alias" | |
}, | |
"email" : { | |
"properties" : { | |
"status" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"flow" : { | |
"properties" : { | |
"reason" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"pkts_toserver" : { | |
"path" : "source.packets", | |
"type" : "alias" | |
}, | |
"alerted" : { | |
"type" : "boolean" | |
}, | |
"start" : { | |
"path" : "event.start", | |
"type" : "alias" | |
}, | |
"end" : { | |
"type" : "date" | |
}, | |
"bytes_toclient" : { | |
"path" : "destination.bytes", | |
"type" : "alias" | |
}, | |
"state" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"bytes_toserver" : { | |
"path" : "source.bytes", | |
"type" : "alias" | |
}, | |
"pkts_toclient" : { | |
"path" : "destination.packets", | |
"type" : "alias" | |
}, | |
"age" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"timestamp" : { | |
"path" : "@timestamp", | |
"type" : "alias" | |
}, | |
"tcp" : { | |
"properties" : { | |
"rst" : { | |
"type" : "boolean" | |
}, | |
"tcp_flags_tc" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tcp_flags_ts" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"psh" : { | |
"type" : "boolean" | |
}, | |
"tcp_flags" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ack" : { | |
"type" : "boolean" | |
}, | |
"syn" : { | |
"type" : "boolean" | |
}, | |
"fin" : { | |
"type" : "boolean" | |
}, | |
"state" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"smtp" : { | |
"properties" : { | |
"helo" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"rcpt_to" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mail_from" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"pcap_cnt" : { | |
"type" : "long" | |
}, | |
"dns" : { | |
"properties" : { | |
"rrname" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"rdata" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"rcode" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tx_id" : { | |
"type" : "long" | |
}, | |
"ttl" : { | |
"type" : "long" | |
}, | |
"rrtype" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"app_proto_tc" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tx_id" : { | |
"type" : "long" | |
}, | |
"app_proto" : { | |
"path" : "network.protocol", | |
"type" : "alias" | |
}, | |
"in_iface" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"src_port" : { | |
"path" : "source.port", | |
"type" : "alias" | |
}, | |
"app_proto_expected" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"dest_ip" : { | |
"path" : "destination.ip", | |
"type" : "alias" | |
}, | |
"proto" : { | |
"path" : "network.transport", | |
"type" : "alias" | |
}, | |
"http" : { | |
"properties" : { | |
"redirect" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"protocol" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"hostname" : { | |
"path" : "url.domain", | |
"type" : "alias" | |
}, | |
"http_method" : { | |
"path" : "http.request.method", | |
"type" : "alias" | |
}, | |
"http_content_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"http_refer" : { | |
"path" : "http.request.referrer", | |
"type" : "alias" | |
}, | |
"length" : { | |
"path" : "http.response.body.bytes", | |
"type" : "alias" | |
}, | |
"url" : { | |
"path" : "url.original", | |
"type" : "alias" | |
}, | |
"http_user_agent" : { | |
"path" : "user_agent.original", | |
"type" : "alias" | |
}, | |
"status" : { | |
"path" : "http.response.status_code", | |
"type" : "alias" | |
} | |
} | |
}, | |
"tls" : { | |
"properties" : { | |
"notbefore" : { | |
"type" : "date" | |
}, | |
"serial" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"issuerdn" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"subject" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"notafter" : { | |
"type" : "date" | |
}, | |
"fingerprint" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"session_resumed" : { | |
"type" : "boolean" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"sni" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"app_proto_ts" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"fields" : { | |
"type" : "object" | |
}, | |
"hash" : { | |
"properties" : { | |
"sha1" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"sha256" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"sha512" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"md5" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"iptables" : { | |
"properties" : { | |
"tcp" : { | |
"properties" : { | |
"reserved_bits" : { | |
"type" : "short" | |
}, | |
"flags" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ack" : { | |
"type" : "long" | |
}, | |
"window" : { | |
"type" : "long" | |
}, | |
"seq" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"udp" : { | |
"properties" : { | |
"length" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"fragment_offset" : { | |
"type" : "long" | |
}, | |
"flow_label" : { | |
"type" : "long" | |
}, | |
"input_device" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"precedence_bits" : { | |
"type" : "short" | |
}, | |
"length" : { | |
"type" : "long" | |
}, | |
"fragment_flags" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"icmp" : { | |
"properties" : { | |
"redirect" : { | |
"type" : "ip" | |
}, | |
"code" : { | |
"type" : "long" | |
}, | |
"parameter" : { | |
"type" : "long" | |
}, | |
"id" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "long" | |
}, | |
"seq" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"ttl" : { | |
"type" : "long" | |
}, | |
"ether_type" : { | |
"type" : "long" | |
}, | |
"ubiquiti" : { | |
"properties" : { | |
"output_zone" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"input_zone" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"rule_set" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"rule_number" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"tos" : { | |
"type" : "long" | |
}, | |
"output_device" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"type" : "long" | |
}, | |
"incomplete_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"nats" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"msg" : { | |
"properties" : { | |
"reply_to" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"max_messages" : { | |
"type" : "long" | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"subject" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"error" : { | |
"properties" : { | |
"message" : { | |
"norms" : false, | |
"type" : "text" | |
} | |
} | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"queue_group" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"sid" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"client" : { | |
"properties" : { | |
"id" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"server" : { | |
"properties" : { | |
"geo" : { | |
"properties" : { | |
"region_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"continent_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"city_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"region_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"nat" : { | |
"properties" : { | |
"port" : { | |
"type" : "long" | |
}, | |
"ip" : { | |
"type" : "ip" | |
} | |
} | |
}, | |
"as" : { | |
"properties" : { | |
"number" : { | |
"type" : "long" | |
}, | |
"organization" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"domain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"user" : { | |
"properties" : { | |
"full_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"domain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"email" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"hash" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"group" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"packets" : { | |
"type" : "long" | |
}, | |
"mac" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"coredns" : { | |
"properties" : { | |
"response" : { | |
"properties" : { | |
"code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"size" : { | |
"type" : "long" | |
}, | |
"flags" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"query" : { | |
"properties" : { | |
"size" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"class" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"dnssec_ok" : { | |
"type" : "boolean" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"object_key" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"apache2" : { | |
"properties" : { | |
"access" : { | |
"properties" : { | |
"geoip" : { | |
"properties" : { } | |
}, | |
"user_agent" : { | |
"properties" : { } | |
} | |
} | |
}, | |
"error" : { | |
"properties" : { } | |
} | |
} | |
}, | |
"log" : { | |
"properties" : { | |
"original" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"file" : { | |
"properties" : { | |
"path" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"offset" : { | |
"type" : "long" | |
}, | |
"level" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"logger" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"flags" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"source" : { | |
"properties" : { | |
"address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"cef" : { | |
"properties" : { | |
"severity" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"extensions" : { | |
"type" : "object" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"device" : { | |
"properties" : { | |
"product" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"event_class_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"vendor" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"traefik" : { | |
"properties" : { | |
"access" : { | |
"properties" : { | |
"user_identifier" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"geoip" : { | |
"properties" : { | |
"continent_name" : { | |
"path" : "source.geo.continent_name", | |
"type" : "alias" | |
}, | |
"region_iso_code" : { | |
"path" : "source.geo.region_iso_code", | |
"type" : "alias" | |
}, | |
"city_name" : { | |
"path" : "source.geo.city_name", | |
"type" : "alias" | |
}, | |
"country_iso_code" : { | |
"path" : "source.geo.country_iso_code", | |
"type" : "alias" | |
}, | |
"location" : { | |
"path" : "source.geo.location", | |
"type" : "alias" | |
}, | |
"region_name" : { | |
"path" : "source.geo.region_name", | |
"type" : "alias" | |
} | |
} | |
}, | |
"frontend_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"backend_url" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"user_agent" : { | |
"properties" : { | |
"original" : { | |
"path" : "user_agent.original", | |
"type" : "alias" | |
}, | |
"os" : { | |
"path" : "user_agent.os.full_name", | |
"type" : "alias" | |
}, | |
"name" : { | |
"path" : "user_agent.name", | |
"type" : "alias" | |
}, | |
"os_name" : { | |
"path" : "user_agent.os.name", | |
"type" : "alias" | |
}, | |
"device" : { | |
"path" : "user_agent.device.name", | |
"type" : "alias" | |
} | |
} | |
}, | |
"request_count" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"certificate" : { | |
"properties" : { | |
"sha256" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"common_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"destination" : { | |
"properties" : { | |
"geo" : { | |
"properties" : { | |
"region_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"continent_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"city_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"region_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"nat" : { | |
"properties" : { | |
"port" : { | |
"type" : "long" | |
}, | |
"ip" : { | |
"type" : "ip" | |
} | |
} | |
}, | |
"as" : { | |
"properties" : { | |
"number" : { | |
"type" : "long" | |
}, | |
"organization" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"service" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"domain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"user" : { | |
"properties" : { | |
"full_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"domain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"email" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"hash" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"group" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"mac" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"packets" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"misp" : { | |
"properties" : { | |
"attack_pattern" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"description" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"kill_chain_phases" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"note" : { | |
"properties" : { | |
"summary" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"description" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"object_refs" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"authors" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"intrusion_set" : { | |
"properties" : { | |
"aliases" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"first_seen" : { | |
"type" : "date" | |
}, | |
"primary_motivation" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"last_seen" : { | |
"type" : "date" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"description" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"resource_level" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"goals" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"secondary_motivations" : { | |
"norms" : false, | |
"type" : "text" | |
} | |
} | |
}, | |
"malware" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"description" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"kill_chain_phases" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"labels" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"vulnerability" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"description" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"tool" : { | |
"properties" : { | |
"tool_version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"description" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"kill_chain_phases" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"labels" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"observed_data" : { | |
"properties" : { | |
"first_observed" : { | |
"type" : "date" | |
}, | |
"number_observed" : { | |
"type" : "long" | |
}, | |
"objects" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"last_observed" : { | |
"type" : "date" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"threat_actor" : { | |
"properties" : { | |
"personal_motivations" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"aliases" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"primary_motivation" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"sophistication" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"roles" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"description" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"resource_level" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"labels" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"goals" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"secondary_motivations" : { | |
"norms" : false, | |
"type" : "text" | |
} | |
} | |
}, | |
"course_of_action" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"description" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"identity" : { | |
"properties" : { | |
"identity_class" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"sectors" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"description" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"contact_information" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"labels" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"report" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"description" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"published" : { | |
"type" : "date" | |
}, | |
"object_refs" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"labels" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"threat_indicator" : { | |
"properties" : { | |
"severity" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"attack_pattern" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"intrusion_set" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mitre_tactic" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"confidence" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"description" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"valid_from" : { | |
"type" : "date" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"labels" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mitre_technique" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"feed" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"threat_actor" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"valid_until" : { | |
"type" : "date" | |
}, | |
"negate" : { | |
"type" : "boolean" | |
}, | |
"campaign" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"kill_chain_phases" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"campaign" : { | |
"properties" : { | |
"aliases" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"first_seen" : { | |
"type" : "date" | |
}, | |
"last_seen" : { | |
"type" : "date" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"description" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"objective" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"syslog" : { | |
"properties" : { | |
"priority" : { | |
"type" : "long" | |
}, | |
"facility" : { | |
"type" : "long" | |
}, | |
"severity_label" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"facility_label" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"error" : { | |
"properties" : { | |
"code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"message" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"auditd" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"new_auid" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"new_ses" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"item" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"laddr" : { | |
"type" : "ip" | |
}, | |
"geoip" : { | |
"properties" : { } | |
}, | |
"old_ses" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"rport" : { | |
"type" : "long" | |
}, | |
"lport" : { | |
"type" : "long" | |
}, | |
"a0" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"sequence" : { | |
"type" : "long" | |
}, | |
"old_auid" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tty" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"addr" : { | |
"type" : "ip" | |
}, | |
"items" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"panw" : { | |
"properties" : { | |
"panos" : { | |
"properties" : { | |
"sequence_number" : { | |
"type" : "long" | |
}, | |
"file" : { | |
"properties" : { | |
"hash" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"flow_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ruleset" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"destination" : { | |
"properties" : { | |
"nat" : { | |
"properties" : { | |
"port" : { | |
"type" : "long" | |
}, | |
"ip" : { | |
"type" : "ip" | |
} | |
} | |
}, | |
"zone" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"interface" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"source" : { | |
"properties" : { | |
"nat" : { | |
"properties" : { | |
"port" : { | |
"type" : "long" | |
}, | |
"ip" : { | |
"type" : "ip" | |
} | |
} | |
}, | |
"zone" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"interface" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"threat" : { | |
"properties" : { | |
"resource" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"url" : { | |
"properties" : { | |
"category" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"network" : { | |
"properties" : { | |
"nat" : { | |
"properties" : { | |
"community_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"pcap_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"docker" : { | |
"properties" : { | |
"container" : { | |
"properties" : { | |
"labels" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"attrs" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"network" : { | |
"properties" : { | |
"community_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"forwarded_ip" : { | |
"type" : "ip" | |
}, | |
"protocol" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"application" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"transport" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"iana_number" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"packets" : { | |
"type" : "long" | |
}, | |
"direction" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"santa" : { | |
"properties" : { | |
"mode" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"reason" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"disk" : { | |
"properties" : { | |
"volume" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"bus" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"serial" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"bsdname" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"model" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"fs" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mount" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"decision" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"action" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"geo" : { | |
"properties" : { | |
"region_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"continent_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"city_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"region_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"iis" : { | |
"properties" : { | |
"access" : { | |
"properties" : { | |
"site_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"server_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"geoip" : { | |
"properties" : { } | |
}, | |
"cookie" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"sub_status" : { | |
"type" : "long" | |
}, | |
"win32_status" : { | |
"type" : "long" | |
}, | |
"user_agent" : { | |
"properties" : { } | |
} | |
} | |
}, | |
"error" : { | |
"properties" : { | |
"queue_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"geoip" : { | |
"properties" : { } | |
}, | |
"reason_phrase" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"file" : { | |
"properties" : { | |
"owner" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"extension" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"gid" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"created" : { | |
"type" : "date" | |
}, | |
"accessed" : { | |
"type" : "date" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mtime" : { | |
"type" : "date" | |
}, | |
"directory" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"target_path" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"inode" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mode" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"uid" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"path" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"size" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ctime" : { | |
"type" : "date" | |
}, | |
"device" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"hash" : { | |
"properties" : { | |
"sha1" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"sha256" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"sha512" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"md5" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"group" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"postgresql" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"database" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"core_id" : { | |
"type" : "long" | |
}, | |
"query_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"query" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"query_step" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"error" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"timestamp" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"related" : { | |
"properties" : { | |
"ip" : { | |
"type" : "ip" | |
} | |
} | |
}, | |
"stream" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"client" : { | |
"properties" : { | |
"nat" : { | |
"properties" : { | |
"port" : { | |
"type" : "long" | |
}, | |
"ip" : { | |
"type" : "ip" | |
} | |
} | |
}, | |
"geo" : { | |
"properties" : { | |
"region_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"continent_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"city_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_iso_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"country_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"region_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"location" : { | |
"type" : "geo_point" | |
} | |
} | |
}, | |
"as" : { | |
"properties" : { | |
"number" : { | |
"type" : "long" | |
}, | |
"organization" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"address" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"domain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"user" : { | |
"properties" : { | |
"full_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"domain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"email" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"hash" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"group" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"packets" : { | |
"type" : "long" | |
}, | |
"mac" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"event" : { | |
"properties" : { | |
"severity" : { | |
"type" : "long" | |
}, | |
"original" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"risk_score" : { | |
"type" : "float" | |
}, | |
"kind" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"timezone" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"created" : { | |
"type" : "date" | |
}, | |
"module" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"start" : { | |
"type" : "date" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"duration" : { | |
"type" : "long" | |
}, | |
"sequence" : { | |
"type" : "long" | |
}, | |
"risk_score_norm" : { | |
"type" : "float" | |
}, | |
"provider" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"action" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"end" : { | |
"type" : "date" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"category" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"dataset" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"outcome" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"hash" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"mongodb" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"component" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"context" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"cisco" : { | |
"properties" : { | |
"ftd" : { | |
"properties" : { | |
"icmp_type" : { | |
"type" : "short" | |
}, | |
"threat_level" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mapped_source_port" : { | |
"type" : "long" | |
}, | |
"mapped_destination_ip" : { | |
"type" : "ip" | |
}, | |
"rule_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mapped_destination_port" : { | |
"type" : "long" | |
}, | |
"source_username" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"message_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"suffix" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"threat_category" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"destination_interface" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"security" : { | |
"type" : "object" | |
}, | |
"mapped_source_ip" : { | |
"type" : "ip" | |
}, | |
"connection_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"source_interface" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"icmp_code" : { | |
"type" : "short" | |
}, | |
"destination_username" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"ios" : { | |
"properties" : { | |
"access_list" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"facility" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"asa" : { | |
"properties" : { | |
"mapped_source_port" : { | |
"type" : "long" | |
}, | |
"threat_level" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"icmp_type" : { | |
"type" : "short" | |
}, | |
"mapped_destination_ip" : { | |
"type" : "ip" | |
}, | |
"rule_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mapped_destination_port" : { | |
"type" : "long" | |
}, | |
"source_username" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"message_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"suffix" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"threat_category" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"destination_interface" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mapped_source_ip" : { | |
"type" : "ip" | |
}, | |
"connection_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"source_interface" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"icmp_code" : { | |
"type" : "short" | |
}, | |
"destination_username" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"googlecloud" : { | |
"properties" : { | |
"vpcflow" : { | |
"properties" : { | |
"rtt" : { | |
"properties" : { | |
"ms" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"destination" : { | |
"properties" : { | |
"instance" : { | |
"properties" : { | |
"zone" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"project_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"region" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"vpc" : { | |
"properties" : { | |
"vpc_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"project_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"subnetwork_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"reporter" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"source" : { | |
"properties" : { | |
"instance" : { | |
"properties" : { | |
"zone" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"project_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"region" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"vpc" : { | |
"properties" : { | |
"vpc_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"project_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"subnetwork_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"mssql" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"origin" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"user_agent" : { | |
"properties" : { | |
"original" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"os" : { | |
"properties" : { | |
"full_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"kernel" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"family" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"platform" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"full" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"device" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"jolokia" : { | |
"properties" : { | |
"server" : { | |
"properties" : { | |
"product" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"vendor" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"agent" : { | |
"properties" : { | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"secured" : { | |
"type" : "boolean" | |
}, | |
"url" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"process" : { | |
"properties" : { | |
"pgid" : { | |
"type" : "long" | |
}, | |
"start" : { | |
"type" : "date" | |
}, | |
"working_directory" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"pid" : { | |
"type" : "long" | |
}, | |
"thread" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"program" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"title" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"executable" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"uptime" : { | |
"type" : "long" | |
}, | |
"ppid" : { | |
"type" : "long" | |
}, | |
"args" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"hash" : { | |
"properties" : { | |
"sha1" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"sha256" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"sha512" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"md5" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"os" : { | |
"properties" : { | |
"kernel" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"family" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"platform" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"full" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"osquery" : { | |
"properties" : { | |
"result" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"unix_time" : { | |
"type" : "long" | |
}, | |
"action" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"calendar_time" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"host_identifier" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"fileset" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"message" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"rabbitmq" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"pid" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"ibmmq" : { | |
"properties" : { | |
"errorlog" : { | |
"properties" : { | |
"qmgr" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"errordescription" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"commentinsert" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"installation" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"action" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"arithinsert" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"explanation" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"envoyproxy" : { | |
"properties" : { | |
"response_flags" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"log_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"authority" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"upstream_service_time" : { | |
"type" : "long" | |
}, | |
"request_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"proxy_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"url" : { | |
"properties" : { | |
"path" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"password" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"fragment" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"original" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"scheme" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"domain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"query" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"full" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"username" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"igmp" : { | |
"properties" : { | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"@timestamp" : { | |
"type" : "date" | |
}, | |
"service" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"state" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ephemeral_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"organization" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"haproxy" : { | |
"properties" : { | |
"tcp" : { | |
"properties" : { | |
"connection_waiting_time_ms" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"error_message" : { | |
"norms" : false, | |
"type" : "text" | |
}, | |
"server_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"geoip" : { | |
"properties" : { } | |
}, | |
"bind_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"total_waiting_time_ms" : { | |
"type" : "long" | |
}, | |
"termination_state" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"time_queue" : { | |
"type" : "long" | |
}, | |
"connection_wait_time_ms" : { | |
"type" : "long" | |
}, | |
"destination" : { | |
"properties" : { } | |
}, | |
"bytes_read" : { | |
"type" : "long" | |
}, | |
"source" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"mode" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"backend_queue" : { | |
"type" : "long" | |
}, | |
"backend_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"client" : { | |
"properties" : { } | |
}, | |
"http" : { | |
"properties" : { | |
"request" : { | |
"properties" : { | |
"captured_cookie" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"raw_request_line" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"captured_headers" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"time_wait_ms" : { | |
"type" : "long" | |
}, | |
"time_wait_without_data_ms" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"response" : { | |
"properties" : { | |
"captured_cookie" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"captured_headers" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"frontend_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"server_queue" : { | |
"type" : "long" | |
}, | |
"time_backend_connect" : { | |
"type" : "long" | |
}, | |
"connections" : { | |
"properties" : { | |
"server" : { | |
"type" : "long" | |
}, | |
"retries" : { | |
"type" : "long" | |
}, | |
"active" : { | |
"type" : "long" | |
}, | |
"backend" : { | |
"type" : "long" | |
}, | |
"frontend" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"aws" : { | |
"properties" : { | |
"s3access" : { | |
"properties" : { | |
"requester" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"version_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"signature_version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tls_version" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"turn_around_time" : { | |
"type" : "long" | |
}, | |
"bytes_sent" : { | |
"type" : "long" | |
}, | |
"authentication_type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"request_uri" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"host_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"host_header" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"bucket" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"referrer" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"remote_ip" : { | |
"type" : "ip" | |
}, | |
"cipher_suite" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"http_status" : { | |
"type" : "long" | |
}, | |
"error_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"bucket_owner" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"total_time" : { | |
"type" : "long" | |
}, | |
"request_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"operation" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"key" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"user_agent" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"object_size" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"elb" : { | |
"properties" : { | |
"trace_id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"matched_rule_priority" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"incoming_tls_alert" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"listener" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ssl_cipher" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"type" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"error" : { | |
"properties" : { | |
"reason" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"request_processing_time" : { | |
"properties" : { | |
"sec" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"response_processing_time" : { | |
"properties" : { | |
"sec" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"tls_named_group" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"connection_time" : { | |
"properties" : { | |
"ms" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"protocol" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"tls_handshake_time" : { | |
"properties" : { | |
"ms" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"backend" : { | |
"properties" : { | |
"port" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"ip" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"http" : { | |
"properties" : { | |
"response" : { | |
"properties" : { | |
"status_code" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"target_group" : { | |
"properties" : { | |
"arn" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"redirect_url" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"backend_processing_time" : { | |
"properties" : { | |
"sec" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"ssl_protocol" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"chosen_cert" : { | |
"properties" : { | |
"serial" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"arn" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
}, | |
"action_executed" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"user" : { | |
"properties" : { | |
"owner" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"group" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"saved" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"group" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"terminal" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"filesystem" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"group" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"effective" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"group" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"full_name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"audit" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"group" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"domain" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"hash" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"email" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"group" : { | |
"properties" : { | |
"name" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
}, | |
"id" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".monitoring-beats" : { | |
"order" : 0, | |
"version" : 7000199, | |
"index_patterns" : [ | |
".monitoring-beats-7-*" | |
], | |
"settings" : { | |
"index" : { | |
"format" : "7", | |
"codec" : "best_compression", | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1", | |
"number_of_replicas" : "0" | |
} | |
}, | |
"mappings" : { | |
"dynamic" : false, | |
"properties" : { | |
"beats_state" : { | |
"properties" : { | |
"beat" : { | |
"properties" : { | |
"host" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"uuid" : { | |
"type" : "keyword" | |
}, | |
"version" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"state" : { | |
"properties" : { | |
"beat" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"host" : { | |
"properties" : { | |
"architecture" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"hostname" : { | |
"type" : "keyword" | |
}, | |
"os" : { | |
"properties" : { | |
"build" : { | |
"type" : "keyword" | |
}, | |
"family" : { | |
"type" : "keyword" | |
}, | |
"platform" : { | |
"type" : "keyword" | |
}, | |
"version" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"input" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
}, | |
"names" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"module" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
}, | |
"names" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"output" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"service" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"version" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"timestamp" : { | |
"format" : "date_time", | |
"type" : "date" | |
} | |
} | |
}, | |
"beats_stats" : { | |
"properties" : { | |
"beat" : { | |
"properties" : { | |
"host" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"uuid" : { | |
"type" : "keyword" | |
}, | |
"version" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"metrics" : { | |
"properties" : { | |
"beat" : { | |
"properties" : { | |
"cpu" : { | |
"properties" : { | |
"system" : { | |
"properties" : { | |
"ticks" : { | |
"type" : "long" | |
}, | |
"time" : { | |
"properties" : { | |
"ms" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"total" : { | |
"properties" : { | |
"value" : { | |
"type" : "long" | |
}, | |
"ticks" : { | |
"type" : "long" | |
}, | |
"time" : { | |
"properties" : { | |
"ms" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"user" : { | |
"properties" : { | |
"ticks" : { | |
"type" : "long" | |
}, | |
"time" : { | |
"properties" : { | |
"ms" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"info" : { | |
"properties" : { | |
"ephemeral_id" : { | |
"type" : "keyword" | |
}, | |
"uptime" : { | |
"properties" : { | |
"ms" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"memstats" : { | |
"properties" : { | |
"gc_next" : { | |
"type" : "long" | |
}, | |
"memory_alloc" : { | |
"type" : "long" | |
}, | |
"memory_total" : { | |
"type" : "long" | |
}, | |
"rss" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"handles" : { | |
"properties" : { | |
"open" : { | |
"type" : "long" | |
}, | |
"limit" : { | |
"properties" : { | |
"hard" : { | |
"type" : "long" | |
}, | |
"soft" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"apm-server" : { | |
"properties" : { | |
"server" : { | |
"properties" : { | |
"request" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"concurrent" : { | |
"properties" : { | |
"wait" : { | |
"properties" : { | |
"ms" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"response" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
}, | |
"errors" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
}, | |
"toolarge" : { | |
"type" : "long" | |
}, | |
"validate" : { | |
"type" : "long" | |
}, | |
"ratelimit" : { | |
"type" : "long" | |
}, | |
"queue" : { | |
"type" : "long" | |
}, | |
"closed" : { | |
"type" : "long" | |
}, | |
"forbidden" : { | |
"type" : "long" | |
}, | |
"concurrency" : { | |
"type" : "long" | |
}, | |
"unauthorized" : { | |
"type" : "long" | |
}, | |
"internal" : { | |
"type" : "long" | |
}, | |
"decode" : { | |
"type" : "long" | |
}, | |
"method" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"valid" : { | |
"properties" : { | |
"ok" : { | |
"type" : "long" | |
}, | |
"accepted" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"decoder" : { | |
"properties" : { | |
"deflate" : { | |
"properties" : { | |
"content-length" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"gzip" : { | |
"properties" : { | |
"content-length" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"uncompressed" : { | |
"properties" : { | |
"content-length" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"reader" : { | |
"properties" : { | |
"size" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"missing-content-length" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"processor" : { | |
"properties" : { | |
"metric" : { | |
"properties" : { | |
"decoding" : { | |
"properties" : { | |
"errors" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"validation" : { | |
"properties" : { | |
"errors" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"transformations" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"sourcemap" : { | |
"properties" : { | |
"counter" : { | |
"type" : "long" | |
}, | |
"decoding" : { | |
"properties" : { | |
"errors" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"validation" : { | |
"properties" : { | |
"errors" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"transaction" : { | |
"properties" : { | |
"decoding" : { | |
"properties" : { | |
"errors" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"validation" : { | |
"properties" : { | |
"errors" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"transformations" : { | |
"type" : "long" | |
}, | |
"transactions" : { | |
"type" : "long" | |
}, | |
"spans" : { | |
"type" : "long" | |
}, | |
"stacktraces" : { | |
"type" : "long" | |
}, | |
"frames" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"error" : { | |
"properties" : { | |
"decoding" : { | |
"properties" : { | |
"errors" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"validation" : { | |
"properties" : { | |
"errors" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"transformations" : { | |
"type" : "long" | |
}, | |
"errors" : { | |
"type" : "long" | |
}, | |
"stacktraces" : { | |
"type" : "long" | |
}, | |
"frames" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"span" : { | |
"properties" : { | |
"transformations" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"libbeat" : { | |
"properties" : { | |
"config" : { | |
"properties" : { | |
"module" : { | |
"properties" : { | |
"running" : { | |
"type" : "long" | |
}, | |
"starts" : { | |
"type" : "long" | |
}, | |
"stops" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"reloads" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"output" : { | |
"properties" : { | |
"events" : { | |
"properties" : { | |
"acked" : { | |
"type" : "long" | |
}, | |
"active" : { | |
"type" : "long" | |
}, | |
"batches" : { | |
"type" : "long" | |
}, | |
"dropped" : { | |
"type" : "long" | |
}, | |
"duplicates" : { | |
"type" : "long" | |
}, | |
"failed" : { | |
"type" : "long" | |
}, | |
"total" : { | |
"type" : "long" | |
}, | |
"toomany" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"read" : { | |
"properties" : { | |
"bytes" : { | |
"type" : "long" | |
}, | |
"errors" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"write" : { | |
"properties" : { | |
"bytes" : { | |
"type" : "long" | |
}, | |
"errors" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"pipeline" : { | |
"properties" : { | |
"clients" : { | |
"type" : "long" | |
}, | |
"events" : { | |
"properties" : { | |
"active" : { | |
"type" : "long" | |
}, | |
"dropped" : { | |
"type" : "long" | |
}, | |
"failed" : { | |
"type" : "long" | |
}, | |
"filtered" : { | |
"type" : "long" | |
}, | |
"published" : { | |
"type" : "long" | |
}, | |
"retry" : { | |
"type" : "long" | |
}, | |
"total" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"queue" : { | |
"properties" : { | |
"acked" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"system" : { | |
"properties" : { | |
"load" : { | |
"properties" : { | |
"1" : { | |
"type" : "double" | |
}, | |
"15" : { | |
"type" : "double" | |
}, | |
"5" : { | |
"type" : "double" | |
}, | |
"norm" : { | |
"properties" : { | |
"1" : { | |
"type" : "double" | |
}, | |
"15" : { | |
"type" : "double" | |
}, | |
"5" : { | |
"type" : "double" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"tags" : { | |
"type" : "keyword" | |
}, | |
"timestamp" : { | |
"format" : "date_time", | |
"type" : "date" | |
} | |
} | |
}, | |
"cluster_uuid" : { | |
"type" : "keyword" | |
}, | |
"interval_ms" : { | |
"type" : "long" | |
}, | |
"source_node" : { | |
"properties" : { | |
"host" : { | |
"type" : "keyword" | |
}, | |
"ip" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"transport_address" : { | |
"type" : "keyword" | |
}, | |
"uuid" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"timestamp" : { | |
"format" : "date_time", | |
"type" : "date" | |
}, | |
"type" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".ml-meta" : { | |
"order" : 0, | |
"version" : 7050099, | |
"index_patterns" : [ | |
".ml-meta" | |
], | |
"settings" : { | |
"index" : { | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1", | |
"unassigned" : { | |
"node_left" : { | |
"delayed_timeout" : "1m" | |
} | |
} | |
} | |
}, | |
"mappings" : { | |
"_meta" : { | |
"version" : "7.5.0" | |
}, | |
"dynamic_templates" : [ | |
{ | |
"strings_as_keywords" : { | |
"match" : "*", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
], | |
"properties" : { | |
"calendar_id" : { | |
"type" : "keyword" | |
}, | |
"job_ids" : { | |
"type" : "keyword" | |
}, | |
"description" : { | |
"type" : "keyword" | |
}, | |
"start_time" : { | |
"type" : "date" | |
}, | |
"end_time" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".slm-history" : { | |
"order" : 2147483647, | |
"index_patterns" : [ | |
".slm-history-1*" | |
], | |
"settings" : { | |
"index" : { | |
"format" : "1", | |
"lifecycle" : { | |
"name" : "slm-history-ilm-policy", | |
"rollover_alias" : ".slm-history-1" | |
}, | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1", | |
"number_of_replicas" : "0" | |
} | |
}, | |
"mappings" : { | |
"dynamic" : false, | |
"properties" : { | |
"@timestamp" : { | |
"type" : "date", | |
"format" : "epoch_millis" | |
}, | |
"policy" : { | |
"type" : "keyword" | |
}, | |
"repository" : { | |
"type" : "keyword" | |
}, | |
"snapshot_name" : { | |
"type" : "keyword" | |
}, | |
"operation" : { | |
"type" : "keyword" | |
}, | |
"success" : { | |
"type" : "boolean" | |
}, | |
"configuration" : { | |
"type" : "object", | |
"dynamic" : false, | |
"properties" : { | |
"indices" : { | |
"type" : "keyword" | |
}, | |
"partial" : { | |
"type" : "boolean" | |
}, | |
"include_global_state" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"error_details" : { | |
"type" : "text", | |
"index" : false | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".watch-history-10" : { | |
"order" : 2147483647, | |
"index_patterns" : [ | |
".watcher-history-10*" | |
], | |
"settings" : { | |
"index" : { | |
"format" : "6", | |
"lifecycle" : { | |
"name" : "watch-history-ilm-policy" | |
}, | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1", | |
"number_of_replicas" : "0" | |
} | |
}, | |
"mappings" : { | |
"_meta" : { | |
"watcher-history-version" : "10" | |
}, | |
"dynamic_templates" : [ | |
{ | |
"disabled_payload_fields" : { | |
"path_match" : """result\.(input(\..+)*|(transform(\..+)*)|(actions\.transform(\..+)*))\.payload""", | |
"match_pattern" : "regex", | |
"mapping" : { | |
"type" : "object", | |
"enabled" : false | |
} | |
} | |
}, | |
{ | |
"disabled_search_request_body_fields" : { | |
"path_match" : """result\.(input(\..+)*|(transform(\..+)*)|(actions\.transform(\..+)*))\.search\.request\.(body|template)""", | |
"match_pattern" : "regex", | |
"mapping" : { | |
"type" : "object", | |
"enabled" : false | |
} | |
} | |
}, | |
{ | |
"disabled_exception_fields" : { | |
"path_match" : """result\.(input(\..+)*|(transform(\..+)*)|(actions\.transform(\..+)*)|actions)\.error""", | |
"match_pattern" : "regex", | |
"mapping" : { | |
"type" : "object", | |
"enabled" : false | |
} | |
} | |
}, | |
{ | |
"disabled_jira_custom_fields" : { | |
"path_match" : "result.actions.jira.fields.customfield_*", | |
"mapping" : { | |
"type" : "object", | |
"enabled" : false | |
} | |
} | |
} | |
], | |
"dynamic" : false, | |
"properties" : { | |
"watch_id" : { | |
"type" : "keyword" | |
}, | |
"node" : { | |
"type" : "keyword" | |
}, | |
"trigger_event" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"type" : { | |
"type" : "keyword" | |
}, | |
"triggered_time" : { | |
"type" : "date" | |
}, | |
"manual" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"schedule" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"scheduled_time" : { | |
"type" : "date" | |
} | |
} | |
} | |
} | |
}, | |
"schedule" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"scheduled_time" : { | |
"type" : "date" | |
} | |
} | |
} | |
} | |
}, | |
"vars" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"input" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"condition" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"state" : { | |
"type" : "keyword" | |
}, | |
"status" : { | |
"type" : "object", | |
"enabled" : false, | |
"dynamic" : true | |
}, | |
"messages" : { | |
"type" : "text" | |
}, | |
"user" : { | |
"type" : "text" | |
}, | |
"exception" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"result" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"execution_time" : { | |
"type" : "date" | |
}, | |
"execution_duration" : { | |
"type" : "long" | |
}, | |
"input" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"type" : { | |
"type" : "keyword" | |
}, | |
"status" : { | |
"type" : "keyword" | |
}, | |
"payload" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"search" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"request" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"search_type" : { | |
"type" : "keyword" | |
}, | |
"indices" : { | |
"type" : "keyword" | |
}, | |
"types" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"http" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"request" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"path" : { | |
"type" : "keyword" | |
}, | |
"host" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"condition" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"type" : { | |
"type" : "keyword" | |
}, | |
"status" : { | |
"type" : "keyword" | |
}, | |
"met" : { | |
"type" : "boolean" | |
}, | |
"compare" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"array_compare" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"script" : { | |
"type" : "object", | |
"enabled" : false | |
} | |
} | |
}, | |
"transform" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"type" : { | |
"type" : "keyword" | |
}, | |
"search" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"request" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"indices" : { | |
"type" : "keyword" | |
}, | |
"types" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"actions" : { | |
"type" : "nested", | |
"include_in_parent" : true, | |
"dynamic" : true, | |
"properties" : { | |
"id" : { | |
"type" : "keyword" | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"status" : { | |
"type" : "keyword" | |
}, | |
"reason" : { | |
"type" : "keyword" | |
}, | |
"number_of_actions_executed" : { | |
"type" : "integer" | |
}, | |
"foreach" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"email" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"message" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"id" : { | |
"type" : "keyword" | |
}, | |
"from" : { | |
"type" : "keyword" | |
}, | |
"reply_to" : { | |
"type" : "keyword" | |
}, | |
"to" : { | |
"type" : "keyword" | |
}, | |
"cc" : { | |
"type" : "keyword" | |
}, | |
"bcc" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"webhook" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"request" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"path" : { | |
"type" : "keyword" | |
}, | |
"host" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"index" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"response" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"index" : { | |
"type" : "keyword" | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"id" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"jira" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"account" : { | |
"type" : "keyword" | |
}, | |
"reason" : { | |
"type" : "text" | |
}, | |
"request" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"response" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"fields" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"summary" : { | |
"type" : "text" | |
}, | |
"description" : { | |
"type" : "text" | |
}, | |
"labels" : { | |
"type" : "text" | |
}, | |
"project" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"key" : { | |
"type" : "keyword" | |
}, | |
"id" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"issuetype" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"name" : { | |
"type" : "keyword" | |
}, | |
"id" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"result" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"id" : { | |
"type" : "keyword" | |
}, | |
"key" : { | |
"type" : "keyword" | |
}, | |
"self" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"slack" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"account" : { | |
"type" : "keyword" | |
}, | |
"sent_messages" : { | |
"type" : "nested", | |
"include_in_parent" : true, | |
"dynamic" : true, | |
"properties" : { | |
"status" : { | |
"type" : "keyword" | |
}, | |
"reason" : { | |
"type" : "text" | |
}, | |
"request" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"response" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"to" : { | |
"type" : "keyword" | |
}, | |
"message" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"from" : { | |
"type" : "text" | |
}, | |
"icon" : { | |
"type" : "keyword" | |
}, | |
"text" : { | |
"type" : "text" | |
}, | |
"attachments" : { | |
"type" : "nested", | |
"include_in_parent" : true, | |
"dynamic" : true, | |
"properties" : { | |
"color" : { | |
"type" : "keyword" | |
}, | |
"fields" : { | |
"properties" : { | |
"value" : { | |
"type" : "text" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"pagerduty" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"account" : { | |
"type" : "keyword" | |
}, | |
"sent_event" : { | |
"type" : "nested", | |
"include_in_parent" : true, | |
"dynamic" : true, | |
"properties" : { | |
"reason" : { | |
"type" : "text" | |
}, | |
"request" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"response" : { | |
"type" : "object", | |
"enabled" : false | |
}, | |
"event" : { | |
"type" : "object", | |
"dynamic" : true, | |
"properties" : { | |
"type" : { | |
"type" : "keyword" | |
}, | |
"client" : { | |
"type" : "text" | |
}, | |
"client_url" : { | |
"type" : "keyword" | |
}, | |
"account" : { | |
"type" : "keyword" | |
}, | |
"attach_payload" : { | |
"type" : "boolean" | |
}, | |
"incident_key" : { | |
"type" : "keyword" | |
}, | |
"description" : { | |
"type" : "text" | |
}, | |
"context" : { | |
"type" : "nested", | |
"include_in_parent" : true, | |
"dynamic" : true, | |
"properties" : { | |
"type" : { | |
"type" : "keyword" | |
}, | |
"href" : { | |
"type" : "keyword" | |
}, | |
"src" : { | |
"type" : "keyword" | |
}, | |
"alt" : { | |
"type" : "text" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"metadata" : { | |
"type" : "object", | |
"dynamic" : true | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".management-beats" : { | |
"order" : 0, | |
"version" : 70000, | |
"index_patterns" : [ | |
".management-beats" | |
], | |
"settings" : { | |
"index" : { | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1", | |
"codec" : "best_compression" | |
} | |
}, | |
"mappings" : { | |
"dynamic" : "strict", | |
"properties" : { | |
"beat" : { | |
"properties" : { | |
"host_ip" : { | |
"type" : "ip" | |
}, | |
"metadata" : { | |
"dynamic" : "true", | |
"type" : "object" | |
}, | |
"active" : { | |
"type" : "boolean" | |
}, | |
"verified_on" : { | |
"type" : "date" | |
}, | |
"last_checkin" : { | |
"type" : "date" | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"version" : { | |
"type" : "keyword" | |
}, | |
"tags" : { | |
"type" : "keyword" | |
}, | |
"access_token" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"id" : { | |
"type" : "keyword" | |
}, | |
"ephemeral_id" : { | |
"type" : "keyword" | |
}, | |
"host_name" : { | |
"type" : "keyword" | |
}, | |
"status" : { | |
"properties" : { | |
"type" : { | |
"type" : "keyword" | |
}, | |
"event" : { | |
"properties" : { | |
"type" : { | |
"type" : "keyword" | |
}, | |
"message" : { | |
"type" : "text" | |
}, | |
"uuid" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"timestamp" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"enrollment_token" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"configuration_block" : { | |
"properties" : { | |
"last_updated" : { | |
"type" : "date" | |
}, | |
"description" : { | |
"type" : "text" | |
}, | |
"id" : { | |
"type" : "keyword" | |
}, | |
"tag" : { | |
"type" : "keyword" | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"config" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"tag" : { | |
"properties" : { | |
"color" : { | |
"type" : "keyword" | |
}, | |
"name" : { | |
"type" : "keyword" | |
}, | |
"id" : { | |
"type" : "keyword" | |
}, | |
"hasConfigurationBlocksTypes" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"type" : { | |
"type" : "keyword" | |
}, | |
"enrollment_token" : { | |
"properties" : { | |
"expires_on" : { | |
"type" : "date" | |
}, | |
"token" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".transform-internal-003" : { | |
"order" : 0, | |
"version" : 7050099, | |
"index_patterns" : [ | |
".transform-internal-003" | |
], | |
"settings" : { | |
"index" : { | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1" | |
} | |
}, | |
"mappings" : { | |
"_meta" : { | |
"version" : "7.5.0" | |
}, | |
"dynamic" : "false", | |
"properties" : { | |
"doc_type" : { | |
"type" : "keyword" | |
}, | |
"id" : { | |
"type" : "keyword" | |
}, | |
"source" : { | |
"properties" : { | |
"index" : { | |
"type" : "keyword" | |
}, | |
"query" : { | |
"enabled" : "false" | |
} | |
} | |
}, | |
"dest" : { | |
"properties" : { | |
"index" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"description" : { | |
"type" : "text" | |
}, | |
"version" : { | |
"type" : "keyword" | |
}, | |
"create_time" : { | |
"type" : "date" | |
}, | |
"state" : { | |
"properties" : { | |
"task_state" : { | |
"type" : "keyword" | |
}, | |
"indexer_state" : { | |
"type" : "keyword" | |
}, | |
"current_position" : { | |
"enabled" : false | |
}, | |
"checkpoint" : { | |
"type" : "long" | |
}, | |
"reason" : { | |
"type" : "keyword" | |
}, | |
"progress" : { | |
"properties" : { | |
"total_docs" : { | |
"type" : "long" | |
}, | |
"docs_remaining" : { | |
"type" : "long" | |
}, | |
"percent_complete" : { | |
"type" : "float" | |
}, | |
"docs_indexed" : { | |
"type" : "long" | |
}, | |
"docs_processed" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"stats" : { | |
"properties" : { | |
"pages_processed" : { | |
"type" : "long" | |
}, | |
"documents_processed" : { | |
"type" : "long" | |
}, | |
"documents_indexed" : { | |
"type" : "long" | |
}, | |
"trigger_count" : { | |
"type" : "long" | |
}, | |
"index_time_in_ms" : { | |
"type" : "long" | |
}, | |
"search_time_in_ms" : { | |
"type" : "long" | |
}, | |
"index_total" : { | |
"type" : "long" | |
}, | |
"search_total" : { | |
"type" : "long" | |
}, | |
"search_failures" : { | |
"type" : "long" | |
}, | |
"index_failures" : { | |
"type" : "long" | |
}, | |
"exponential_avg_checkpoint_duration_ms" : { | |
"type" : "double" | |
}, | |
"exponential_avg_documents_indexed" : { | |
"type" : "double" | |
}, | |
"exponential_avg_documents_processed" : { | |
"type" : "double" | |
} | |
} | |
}, | |
"timestamp_millis" : { | |
"type" : "date" | |
}, | |
"time_upper_bound_millis" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"aliases" : { | |
".data-frame-internal-3" : { } | |
} | |
}, | |
".ml-config" : { | |
"order" : 0, | |
"version" : 7050099, | |
"index_patterns" : [ | |
".ml-config" | |
], | |
"settings" : { | |
"index" : { | |
"max_result_window" : "10000", | |
"unassigned" : { | |
"node_left" : { | |
"delayed_timeout" : "1m" | |
} | |
}, | |
"number_of_shards" : "1", | |
"auto_expand_replicas" : "0-1" | |
} | |
}, | |
"mappings" : { | |
"_meta" : { | |
"version" : "7.5.0" | |
}, | |
"dynamic_templates" : [ | |
{ | |
"strings_as_keywords" : { | |
"match" : "*", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
} | |
], | |
"properties" : { | |
"config_type" : { | |
"type" : "keyword" | |
}, | |
"job_id" : { | |
"type" : "keyword" | |
}, | |
"job_type" : { | |
"type" : "keyword" | |
}, | |
"job_version" : { | |
"type" : "keyword" | |
}, | |
"groups" : { | |
"type" : "keyword" | |
}, | |
"analysis_config" : { | |
"properties" : { | |
"bucket_span" : { | |
"type" : "keyword" | |
}, | |
"categorization_field_name" : { | |
"type" : "keyword" | |
}, | |
"categorization_filters" : { | |
"type" : "keyword" | |
}, | |
"categorization_analyzer" : { | |
"enabled" : false | |
}, | |
"latency" : { | |
"type" : "keyword" | |
}, | |
"summary_count_field_name" : { | |
"type" : "keyword" | |
}, | |
"detectors" : { | |
"properties" : { | |
"detector_description" : { | |
"type" : "text" | |
}, | |
"function" : { | |
"type" : "keyword" | |
}, | |
"field_name" : { | |
"type" : "keyword" | |
}, | |
"by_field_name" : { | |
"type" : "keyword" | |
}, | |
"over_field_name" : { | |
"type" : "keyword" | |
}, | |
"partition_field_name" : { | |
"type" : "keyword" | |
}, | |
"use_null" : { | |
"type" : "boolean" | |
}, | |
"exclude_frequent" : { | |
"type" : "keyword" | |
}, | |
"custom_rules" : { | |
"type" : "nested", | |
"properties" : { | |
"actions" : { | |
"type" : "keyword" | |
}, | |
"scope" : { | |
"enabled" : false | |
}, | |
"conditions" : { | |
"type" : "nested", | |
"properties" : { | |
"applies_to" : { | |
"type" : "keyword" | |
}, | |
"operator" : { | |
"type" : "keyword" | |
}, | |
"value" : { | |
"type" : "double" | |
} | |
} | |
} | |
} | |
}, | |
"detector_index" : { | |
"type" : "integer" | |
} | |
} | |
}, | |
"influencers" : { | |
"type" : "keyword" | |
}, | |
"multivariate_by_fields" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"analysis_limits" : { | |
"properties" : { | |
"model_memory_limit" : { | |
"type" : "keyword" | |
}, | |
"categorization_examples_limit" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"create_time" : { | |
"type" : "date" | |
}, | |
"custom_settings" : { | |
"enabled" : false | |
}, | |
"data_description" : { | |
"properties" : { | |
"format" : { | |
"type" : "keyword" | |
}, | |
"time_field" : { | |
"type" : "keyword" | |
}, | |
"time_format" : { | |
"type" : "keyword" | |
}, | |
"field_delimiter" : { | |
"type" : "keyword" | |
}, | |
"quote_character" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"description" : { | |
"type" : "text" | |
}, | |
"finished_time" : { | |
"type" : "date" | |
}, | |
"model_plot_config" : { | |
"properties" : { | |
"enabled" : { | |
"type" : "boolean" | |
}, | |
"terms" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"renormalization_window_days" : { | |
"type" : "long" | |
}, | |
"background_persist_interval" : { | |
"type" : "keyword" | |
}, | |
"model_snapshot_retention_days" : { | |
"type" : "long" | |
}, | |
"results_retention_days" : { | |
"type" : "long" | |
}, | |
"model_snapshot_id" : { | |
"type" : "keyword" | |
}, | |
"model_snapshot_min_version" : { | |
"type" : "keyword" | |
}, | |
"results_index_name" : { | |
"type" : "keyword" | |
}, | |
"datafeed_id" : { | |
"type" : "keyword" | |
}, | |
"query_delay" : { | |
"type" : "keyword" | |
}, | |
"frequency" : { | |
"type" : "keyword" | |
}, | |
"indices" : { | |
"type" : "keyword" | |
}, | |
"query" : { | |
"enabled" : false | |
}, | |
"scroll_size" : { | |
"type" : "long" | |
}, | |
"aggregations" : { | |
"enabled" : false | |
}, | |
"script_fields" : { | |
"enabled" : false | |
}, | |
"chunking_config" : { | |
"properties" : { | |
"mode" : { | |
"type" : "keyword" | |
}, | |
"time_span" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"delayed_data_check_config" : { | |
"properties" : { | |
"enabled" : { | |
"type" : "boolean" | |
}, | |
"check_window" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"headers" : { | |
"enabled" : false | |
}, | |
"id" : { | |
"type" : "keyword" | |
}, | |
"source" : { | |
"properties" : { | |
"index" : { | |
"type" : "keyword" | |
}, | |
"query" : { | |
"enabled" : false | |
} | |
} | |
}, | |
"dest" : { | |
"properties" : { | |
"index" : { | |
"type" : "keyword" | |
}, | |
"results_field" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"analyzed_fields" : { | |
"enabled" : false | |
}, | |
"analysis" : { | |
"properties" : { | |
"outlier_detection" : { | |
"properties" : { | |
"n_neighbors" : { | |
"type" : "integer" | |
}, | |
"method" : { | |
"type" : "keyword" | |
}, | |
"feature_influence_threshold" : { | |
"type" : "double" | |
} | |
} | |
}, | |
"regression" : { | |
"properties" : { | |
"dependent_variable" : { | |
"type" : "keyword" | |
}, | |
"lambda" : { | |
"type" : "double" | |
}, | |
"gamma" : { | |
"type" : "double" | |
}, | |
"eta" : { | |
"type" : "double" | |
}, | |
"maximum_number_trees" : { | |
"type" : "integer" | |
}, | |
"feature_bag_fraction" : { | |
"type" : "double" | |
}, | |
"prediction_field_name" : { | |
"type" : "keyword" | |
}, | |
"training_percent" : { | |
"type" : "double" | |
} | |
} | |
}, | |
"classification" : { | |
"properties" : { | |
"dependent_variable" : { | |
"type" : "keyword" | |
}, | |
"lambda" : { | |
"type" : "double" | |
}, | |
"gamma" : { | |
"type" : "double" | |
}, | |
"eta" : { | |
"type" : "double" | |
}, | |
"maximum_number_trees" : { | |
"type" : "integer" | |
}, | |
"feature_bag_fraction" : { | |
"type" : "double" | |
}, | |
"prediction_field_name" : { | |
"type" : "keyword" | |
}, | |
"num_top_classes" : { | |
"type" : "integer" | |
}, | |
"training_percent" : { | |
"type" : "double" | |
} | |
} | |
} | |
} | |
}, | |
"version" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
"aliases" : { } | |
}, | |
".ml-state" : { | |
"order" : 0, | |
"version" : 7050099, | |
"index_patterns" : [ | |
".ml-state*" | |
], | |
"settings" : { | |
"index" : { | |
"auto_expand_replicas" : "0-1", | |
"unassigned" : { | |
"node_left" : { | |
"delayed_timeout" : "1m" | |
} | |
} | |
} | |
}, | |
"mappings" : { | |
"_meta" : { | |
"version" : "7.5.0" | |
}, | |
"enabled" : false | |
}, | |
"aliases" : { } | |
} | |
} |