
@xemoe
Created May 16, 2014 02:58
Fastalert mapping
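#!/bin/bash
#
# Install the "fastalert" Elasticsearch index template.
#
# The template matches indices named fastalert* and fixes the field types of
# the "fastalert" document type: srcip/dstip are typed "ip", the port and id
# fields are "long", and ids_alert / ids_classification are not_analyzed so
# each value is indexed as one exact term.
#
# An index template only affects indices created after it is installed. If
# this PUT is rejected or never reaches the node, new fastalert* indices fall
# back to dynamic mapping and the address fields are no longer typed "ip".
# The script therefore fails loudly instead of ignoring the HTTP status.
#
# ES_URL may be exported to target another node; it defaults to the original
# http://localhost:9200. The default is plain HTTP with no credentials, so a
# non-local target should be an https:// URL behind authentication.

set -euo pipefail

ES_URL="${ES_URL:-http://localhost:9200}"

# The response body goes to a temp file so that curl's stdout carries only the
# HTTP status code requested with -w.
response_file="$(mktemp)"
trap 'rm -f "$response_file"' EXIT

# -sS hides the progress meter but still reports transport errors.
# The explicit Content-Type replaces curl's form-encoded default for -d, which
# newer Elasticsearch releases reject for JSON bodies.
http_code="$(curl -sS -o "$response_file" -w '%{http_code}' \
  -XPUT "${ES_URL}/_template/fastalert" \
  -H 'Content-Type: application/json' \
  -d '
{
"template": "fastalert*",
"mappings": {
"fastalert": {
"properties": {
"@timestamp": {
"type": "date"
},
"id_1": {
"type": "long"
},
"id_2": {
"type": "long"
},
"id_3": {
"type": "long"
},
"ids_alert": {
"type": "string",
"index": "not_analyzed",
"omit_norms": true,
"index_options": "docs"
},
"ids_classification": {
"type": "string",
"index": "not_analyzed",
"omit_norms": true,
"index_options": "docs"
},
"ids_priority": {
"type": "long"
},
"sp": {
"type": "long"
},
"srcip": {
"type": "ip"
},
"copy_srcip": {
"type": "string"
},
"dp": {
"type": "long"
},
"dstip": {
"type": "ip"
},
"copy_dstip": {
"type": "string"
},
"ids_alert_proto": {
"type": "string"
},
"timestamp": {
"type": "string"
},
"geoip": {
"properties": {
"area_code": {
"type": "long"
},
"city_name": {
"type": "string",
"index": "not_analyzed"
},
"continent_code": {
"type": "string"
},
"coordinates": {
"type": "string"
},
"country_code2": {
"type": "string"
},
"country_code3": {
"type": "string"
},
"country_name": {
"type": "string",
"index": "not_analyzed"
},
"dma_code": {
"type": "long"
},
"ip": {
"type": "string"
},
"latitude": {
"type": "double"
},
"longitude": {
"type": "double"
},
"postal_code": {
"type": "string"
},
"real_region_name": {
"type": "string",
"index": "not_analyzed"
},
"region_name": {
"type": "string",
"index": "not_analyzed"
},
"timezone": {
"type": "string"
}
}
}
}
}
}
}')"

# Show Elasticsearch's reply (acknowledgement or error detail) as before.
cat "$response_file"
echo

# Any non-2xx status means the template is not in place.
if [ "$http_code" -lt 200 ] || [ "$http_code" -ge 300 ]; then
  echo "fastalert template was not installed (HTTP ${http_code})" >&2
  exit 1
fi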