Pinging @elastic/infra-logs-ui
Could you provide more details in regard to which field contains the message and what its mapping is?
I just tried again to highlight using `GET` as the search term. The field is `message` (mapped as `"type": "text", "norms": false` — see the `message` entry in the mapping dump). The full document returned by a `GET` on the doc, and the index mapping, are below.
{
"_index" : "filebeat-2019.07.08",
"_type" : "_doc",
"_id" : "a1Hs0WsBnebwGpFMBjo8",
"_version" : 1,
"_seq_no" : 63,
"_primary_term" : 1,
"found" : true,
"_source" : {
"@timestamp" : "2019-07-08T14:10:30.368Z",
"agent" : {
"hostname" : "filebeat-9tf4m",
"id" : "61f79e41-1f84-4470-a150-1c77bdab61d7",
"version" : "7.0.0",
"type" : "filebeat",
"ephemeral_id" : "57f2ff8f-8f10-444a-b8de-1667bcb55340"
},
"message" : """10.8.46.144 - - [08/Jul/2019:14:10:30 +0000] "GET /info/refs?service=git-upload-pack HTTP/1.1" 404 191 "-" "git/2.17.1" "142.93.104.20"""",
"input" : {
"type" : "docker"
},
"host" : {
"name" : "filebeat-9tf4m"
},
"kubernetes" : {
"namespace" : "infra",
"replicaset" : {
"name" : "helm-charts-79f84cb858"
},
"labels" : {
"app" : "helm-charts",
"pod-template-hash" : "3594076414"
},
"pod" : {
"uid" : "fcbba16b-ecc7-11e8-a824-42010a80021a",
"name" : "helm-charts-79f84cb858-6k5jr"
},
"node" : {
"name" : "gke-apps-n1-standard-4-7dfc0b22-bnx9"
},
"container" : {
"name" : "nginx"
}
},
"log" : {
"offset" : 5191342,
"file" : {
"path" : "/var/lib/docker/containers/66b1e31aa269d234a43b651e1cd5164dc3f432d81adffa332f94958fe31ac74c/66b1e31aa269d234a43b651e1cd5164dc3f432d81adffa332f94958fe31ac74c-json.log"
}
},
"stream" : "stdout",
"fields" : {
"cluster" : "elastic-apps"
},
"ecs" : {
"version" : "1.0.0"
}
}
}
{
"filebeat-2019.07.08" : {
"mappings" : {
"_meta" : {
"beat" : "filebeat",
"version" : "7.0.0"
},
"dynamic_templates" : [
{
"labels" : {
"path_match" : "labels.*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "keyword"
}
}
},
{
"container.labels" : {
"path_match" : "container.labels.*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "keyword"
}
}
},
{
"fields" : {
"path_match" : "fields.*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "keyword"
}
}
},
{
"docker.container.labels" : {
"path_match" : "docker.container.labels.*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "keyword"
}
}
},
{
"kibana.log.meta" : {
"path_match" : "kibana.log.meta.*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "keyword"
}
}
},
{
"strings_as_keyword" : {
"match_mapping_type" : "string",
"mapping" : {
"ignore_above" : 1024,
"type" : "keyword"
}
}
}
],
"date_detection" : false,
"properties" : {
"@timestamp" : {
"type" : "date"
},
"agent" : {
"properties" : {
"ephemeral_id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"hostname" : {
"type" : "keyword",
"ignore_above" : 1024
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"apache" : {
"properties" : {
"access" : {
"properties" : {
"ssl" : {
"properties" : {
"cipher" : {
"type" : "keyword",
"ignore_above" : 1024
},
"protocol" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"error" : {
"properties" : {
"module" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"apache2" : {
"properties" : {
"access" : {
"properties" : {
"geoip" : {
"type" : "object"
},
"user_agent" : {
"type" : "object"
}
}
},
"error" : {
"type" : "object"
}
}
},
"auditd" : {
"properties" : {
"log" : {
"properties" : {
"a0" : {
"type" : "keyword",
"ignore_above" : 1024
},
"addr" : {
"type" : "ip"
},
"geoip" : {
"type" : "object"
},
"item" : {
"type" : "keyword",
"ignore_above" : 1024
},
"items" : {
"type" : "keyword",
"ignore_above" : 1024
},
"laddr" : {
"type" : "ip"
},
"lport" : {
"type" : "long"
},
"new_auid" : {
"type" : "keyword",
"ignore_above" : 1024
},
"new_ses" : {
"type" : "keyword",
"ignore_above" : 1024
},
"old_auid" : {
"type" : "keyword",
"ignore_above" : 1024
},
"old_ses" : {
"type" : "keyword",
"ignore_above" : 1024
},
"rport" : {
"type" : "long"
},
"sequence" : {
"type" : "long"
},
"tty" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"certificate" : {
"properties" : {
"common_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"sha256" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"client" : {
"properties" : {
"address" : {
"type" : "keyword",
"ignore_above" : 1024
},
"bytes" : {
"type" : "long"
},
"domain" : {
"type" : "keyword",
"ignore_above" : 1024
},
"geo" : {
"properties" : {
"city_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"continent_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"location" : {
"type" : "geo_point"
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"ip" : {
"type" : "ip"
},
"mac" : {
"type" : "keyword",
"ignore_above" : 1024
},
"packets" : {
"type" : "long"
},
"port" : {
"type" : "long"
},
"user" : {
"properties" : {
"email" : {
"type" : "keyword",
"ignore_above" : 1024
},
"full_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"group" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"hash" : {
"type" : "keyword",
"ignore_above" : 1024
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"cloud" : {
"properties" : {
"account" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"availability_zone" : {
"type" : "keyword",
"ignore_above" : 1024
},
"instance" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"machine" : {
"properties" : {
"type" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"project" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"provider" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"container" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"image" : {
"properties" : {
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"tag" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"labels" : {
"type" : "object"
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"runtime" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"destination" : {
"properties" : {
"address" : {
"type" : "keyword",
"ignore_above" : 1024
},
"bytes" : {
"type" : "long"
},
"domain" : {
"type" : "keyword",
"ignore_above" : 1024
},
"geo" : {
"properties" : {
"city_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"continent_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"location" : {
"type" : "geo_point"
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"ip" : {
"type" : "ip"
},
"mac" : {
"type" : "keyword",
"ignore_above" : 1024
},
"packets" : {
"type" : "long"
},
"port" : {
"type" : "long"
},
"user" : {
"properties" : {
"email" : {
"type" : "keyword",
"ignore_above" : 1024
},
"full_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"group" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"hash" : {
"type" : "keyword",
"ignore_above" : 1024
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"docker" : {
"properties" : {
"container" : {
"properties" : {
"labels" : {
"type" : "object"
}
}
}
}
},
"ecs" : {
"properties" : {
"version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"elasticsearch" : {
"properties" : {
"audit" : {
"properties" : {
"action" : {
"type" : "keyword",
"ignore_above" : 1024
},
"event_type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"indices" : {
"type" : "keyword",
"ignore_above" : 1024
},
"layer" : {
"type" : "keyword",
"ignore_above" : 1024
},
"origin" : {
"properties" : {
"type" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"realm" : {
"type" : "keyword",
"ignore_above" : 1024
},
"request" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"url" : {
"properties" : {
"params" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"user" : {
"properties" : {
"realm" : {
"type" : "keyword",
"ignore_above" : 1024
},
"roles" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"cluster" : {
"properties" : {
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"uuid" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"component" : {
"type" : "keyword",
"ignore_above" : 1024
},
"deprecation" : {
"type" : "object"
},
"gc" : {
"properties" : {
"heap" : {
"properties" : {
"size_kb" : {
"type" : "long"
},
"used_kb" : {
"type" : "long"
}
}
},
"jvm_runtime_sec" : {
"type" : "float"
},
"old_gen" : {
"properties" : {
"size_kb" : {
"type" : "long"
},
"used_kb" : {
"type" : "long"
}
}
},
"phase" : {
"properties" : {
"class_unload_time_sec" : {
"type" : "float"
},
"cpu_time" : {
"properties" : {
"real_sec" : {
"type" : "float"
},
"sys_sec" : {
"type" : "float"
},
"user_sec" : {
"type" : "float"
}
}
},
"duration_sec" : {
"type" : "float"
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"parallel_rescan_time_sec" : {
"type" : "float"
},
"scrub_string_table_time_sec" : {
"type" : "float"
},
"scrub_symbol_table_time_sec" : {
"type" : "float"
},
"weak_refs_processing_time_sec" : {
"type" : "float"
}
}
},
"stopping_threads_time_sec" : {
"type" : "float"
},
"tags" : {
"type" : "keyword",
"ignore_above" : 1024
},
"threads_total_stop_time_sec" : {
"type" : "float"
},
"young_gen" : {
"properties" : {
"size_kb" : {
"type" : "long"
},
"used_kb" : {
"type" : "long"
}
}
}
}
},
"index" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"node" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"server" : {
"properties" : {
"gc" : {
"properties" : {
"collection_duration" : {
"properties" : {
"ms" : {
"type" : "float"
}
}
},
"observation_duration" : {
"properties" : {
"ms" : {
"type" : "float"
}
}
},
"overhead_seq" : {
"type" : "long"
},
"young" : {
"properties" : {
"one" : {
"type" : "long"
},
"two" : {
"type" : "long"
}
}
}
}
},
"stacktrace" : {
"type" : "keyword",
"index" : false,
"ignore_above" : 1024
}
}
},
"shard" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"slowlog" : {
"properties" : {
"extra_source" : {
"type" : "keyword",
"ignore_above" : 1024
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"logger" : {
"type" : "keyword",
"ignore_above" : 1024
},
"routing" : {
"type" : "keyword",
"ignore_above" : 1024
},
"search_type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"source_query" : {
"type" : "keyword",
"ignore_above" : 1024
},
"stats" : {
"type" : "keyword",
"ignore_above" : 1024
},
"took" : {
"type" : "keyword",
"ignore_above" : 1024
},
"total_hits" : {
"type" : "keyword",
"ignore_above" : 1024
},
"total_shards" : {
"type" : "keyword",
"ignore_above" : 1024
},
"type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"types" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"error" : {
"properties" : {
"code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"message" : {
"type" : "text",
"norms" : false
},
"type" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"event" : {
"properties" : {
"action" : {
"type" : "keyword",
"ignore_above" : 1024
},
"category" : {
"type" : "keyword",
"ignore_above" : 1024
},
"created" : {
"type" : "date"
},
"dataset" : {
"type" : "keyword",
"ignore_above" : 1024
},
"duration" : {
"type" : "long"
},
"end" : {
"type" : "date"
},
"hash" : {
"type" : "keyword",
"ignore_above" : 1024
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"kind" : {
"type" : "keyword",
"ignore_above" : 1024
},
"module" : {
"type" : "keyword",
"ignore_above" : 1024
},
"original" : {
"type" : "keyword",
"ignore_above" : 1024
},
"outcome" : {
"type" : "keyword",
"ignore_above" : 1024
},
"risk_score" : {
"type" : "float"
},
"risk_score_norm" : {
"type" : "float"
},
"severity" : {
"type" : "long"
},
"start" : {
"type" : "date"
},
"timezone" : {
"type" : "keyword",
"ignore_above" : 1024
},
"type" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"fields" : {
"properties" : {
"cluster" : {
"type" : "keyword"
}
}
},
"file" : {
"properties" : {
"ctime" : {
"type" : "date"
},
"device" : {
"type" : "keyword",
"ignore_above" : 1024
},
"extension" : {
"type" : "keyword",
"ignore_above" : 1024
},
"gid" : {
"type" : "keyword",
"ignore_above" : 1024
},
"group" : {
"type" : "keyword",
"ignore_above" : 1024
},
"inode" : {
"type" : "keyword",
"ignore_above" : 1024
},
"mode" : {
"type" : "keyword",
"ignore_above" : 1024
},
"mtime" : {
"type" : "date"
},
"owner" : {
"type" : "keyword",
"ignore_above" : 1024
},
"path" : {
"type" : "keyword",
"ignore_above" : 1024
},
"size" : {
"type" : "long"
},
"target_path" : {
"type" : "keyword",
"ignore_above" : 1024
},
"type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"uid" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"fileset" : {
"properties" : {
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"geo" : {
"properties" : {
"city_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"continent_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"location" : {
"type" : "geo_point"
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"group" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"haproxy" : {
"properties" : {
"backend_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"backend_queue" : {
"type" : "long"
},
"bind_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"bytes_read" : {
"type" : "long"
},
"client" : {
"type" : "object"
},
"connection_wait_time_ms" : {
"type" : "long"
},
"connections" : {
"properties" : {
"active" : {
"type" : "long"
},
"backend" : {
"type" : "long"
},
"frontend" : {
"type" : "long"
},
"retries" : {
"type" : "long"
},
"server" : {
"type" : "long"
}
}
},
"destination" : {
"type" : "object"
},
"error_message" : {
"type" : "text",
"norms" : false
},
"frontend_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"geoip" : {
"type" : "object"
},
"http" : {
"properties" : {
"request" : {
"properties" : {
"captured_cookie" : {
"type" : "keyword",
"ignore_above" : 1024
},
"captured_headers" : {
"type" : "keyword",
"ignore_above" : 1024
},
"raw_request_line" : {
"type" : "keyword",
"ignore_above" : 1024
},
"time_wait_ms" : {
"type" : "long"
},
"time_wait_without_data_ms" : {
"type" : "long"
}
}
},
"response" : {
"properties" : {
"captured_cookie" : {
"type" : "keyword",
"ignore_above" : 1024
},
"captured_headers" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"mode" : {
"type" : "keyword",
"ignore_above" : 1024
},
"server_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"server_queue" : {
"type" : "long"
},
"source" : {
"type" : "keyword",
"ignore_above" : 1024
},
"tcp" : {
"properties" : {
"connection_waiting_time_ms" : {
"type" : "long"
}
}
},
"termination_state" : {
"type" : "keyword",
"ignore_above" : 1024
},
"time_backend_connect" : {
"type" : "long"
},
"time_queue" : {
"type" : "long"
},
"total_waiting_time_ms" : {
"type" : "long"
}
}
},
"hash" : {
"properties" : {
"sha256" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"host" : {
"properties" : {
"architecture" : {
"type" : "keyword",
"ignore_above" : 1024
},
"containerized" : {
"type" : "boolean"
},
"geo" : {
"properties" : {
"city_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"continent_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"location" : {
"type" : "geo_point"
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"hostname" : {
"type" : "keyword",
"ignore_above" : 1024
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"ip" : {
"type" : "ip"
},
"mac" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"os" : {
"properties" : {
"build" : {
"type" : "keyword",
"ignore_above" : 1024
},
"family" : {
"type" : "keyword",
"ignore_above" : 1024
},
"full" : {
"type" : "keyword",
"ignore_above" : 1024
},
"kernel" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"platform" : {
"type" : "keyword",
"ignore_above" : 1024
},
"version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"user" : {
"properties" : {
"email" : {
"type" : "keyword",
"ignore_above" : 1024
},
"full_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"group" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"hash" : {
"type" : "keyword",
"ignore_above" : 1024
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"http" : {
"properties" : {
"request" : {
"properties" : {
"body" : {
"properties" : {
"bytes" : {
"type" : "long"
},
"content" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"bytes" : {
"type" : "long"
},
"method" : {
"type" : "keyword",
"ignore_above" : 1024
},
"referrer" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"response" : {
"properties" : {
"body" : {
"properties" : {
"bytes" : {
"type" : "long"
},
"content" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"bytes" : {
"type" : "long"
},
"status_code" : {
"type" : "long"
}
}
},
"version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"icinga" : {
"properties" : {
"debug" : {
"properties" : {
"facility" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"main" : {
"properties" : {
"facility" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"startup" : {
"properties" : {
"facility" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"iis" : {
"properties" : {
"access" : {
"properties" : {
"cookie" : {
"type" : "keyword",
"ignore_above" : 1024
},
"geoip" : {
"type" : "object"
},
"server_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"site_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"sub_status" : {
"type" : "long"
},
"user_agent" : {
"type" : "object"
},
"win32_status" : {
"type" : "long"
}
}
},
"error" : {
"properties" : {
"geoip" : {
"type" : "object"
},
"queue_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"reason_phrase" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"input" : {
"properties" : {
"type" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"iptables" : {
"properties" : {
"ether_type" : {
"type" : "long"
},
"flow_label" : {
"type" : "long"
},
"fragment_flags" : {
"type" : "keyword",
"ignore_above" : 1024
},
"fragment_offset" : {
"type" : "long"
},
"icmp" : {
"properties" : {
"code" : {
"type" : "long"
},
"id" : {
"type" : "long"
},
"parameter" : {
"type" : "long"
},
"redirect" : {
"type" : "ip"
},
"seq" : {
"type" : "long"
},
"type" : {
"type" : "long"
}
}
},
"id" : {
"type" : "long"
},
"incomplete_bytes" : {
"type" : "long"
},
"input_device" : {
"type" : "keyword",
"ignore_above" : 1024
},
"length" : {
"type" : "long"
},
"output_device" : {
"type" : "keyword",
"ignore_above" : 1024
},
"precedence_bits" : {
"type" : "short"
},
"tcp" : {
"properties" : {
"ack" : {
"type" : "long"
},
"flags" : {
"type" : "keyword",
"ignore_above" : 1024
},
"reserved_bits" : {
"type" : "short"
},
"seq" : {
"type" : "long"
},
"window" : {
"type" : "long"
}
}
},
"tos" : {
"type" : "long"
},
"ttl" : {
"type" : "long"
},
"ubiquiti" : {
"properties" : {
"input_zone" : {
"type" : "keyword",
"ignore_above" : 1024
},
"output_zone" : {
"type" : "keyword",
"ignore_above" : 1024
},
"rule_number" : {
"type" : "keyword",
"ignore_above" : 1024
},
"rule_set" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"udp" : {
"properties" : {
"length" : {
"type" : "long"
}
}
}
}
},
"json" : {
"properties" : {
"age" : {
"type" : "long"
},
"attempts" : {
"type" : "long"
},
"error" : {
"type" : "keyword",
"ignore_above" : 1024
},
"gcpInstances" : {
"type" : "long"
},
"id" : {
"type" : "long"
},
"idle" : {
"type" : "boolean"
},
"image" : {
"type" : "keyword",
"ignore_above" : 1024
},
"immutableWorkers" : {
"type" : "long"
},
"instanceType" : {
"type" : "keyword",
"ignore_above" : 1024
},
"jenkinsQueueLength" : {
"type" : "long"
},
"job" : {
"type" : "keyword",
"ignore_above" : 1024
},
"label" : {
"type" : "keyword",
"ignore_above" : 1024
},
"level" : {
"type" : "keyword",
"ignore_above" : 1024
},
"message" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"old" : {
"type" : "boolean"
},
"online" : {
"type" : "boolean"
},
"project" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region" : {
"type" : "keyword",
"ignore_above" : 1024
},
"time" : {
"type" : "keyword",
"ignore_above" : 1024
},
"type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"url" : {
"type" : "keyword",
"ignore_above" : 1024
},
"worker" : {
"type" : "keyword",
"ignore_above" : 1024
},
"workerCount" : {
"type" : "long"
},
"workerLimit" : {
"type" : "long"
},
"zone" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"kafka" : {
"properties" : {
"log" : {
"properties" : {
"class" : {
"type" : "keyword",
"ignore_above" : 1024
},
"component" : {
"type" : "keyword",
"ignore_above" : 1024
},
"trace" : {
"properties" : {
"class" : {
"type" : "keyword",
"ignore_above" : 1024
},
"message" : {
"type" : "text",
"norms" : false
}
}
}
}
}
}
},
"kibana" : {
"properties" : {
"log" : {
"properties" : {
"meta" : {
"type" : "object"
},
"state" : {
"type" : "keyword",
"ignore_above" : 1024
},
"tags" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"kubernetes" : {
"properties" : {
"annotations" : {
"type" : "object"
},
"container" : {
"properties" : {
"image" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"labels" : {
"properties" : {
"app" : {
"type" : "keyword",
"ignore_above" : 1024
},
"app_kubernetes_io/instance" : {
"type" : "keyword",
"ignore_above" : 1024
},
"app_kubernetes_io/name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"chart" : {
"type" : "keyword",
"ignore_above" : 1024
},
"component" : {
"type" : "keyword",
"ignore_above" : 1024
},
"controller-revision-hash" : {
"type" : "keyword",
"ignore_above" : 1024
},
"controller-uid" : {
"type" : "keyword",
"ignore_above" : 1024
},
"heritage" : {
"type" : "keyword",
"ignore_above" : 1024
},
"job-name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"k8s-app" : {
"type" : "keyword",
"ignore_above" : 1024
},
"kubernetes_io/cluster-service" : {
"type" : "keyword",
"ignore_above" : 1024
},
"logtype" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"pod-template-generation" : {
"type" : "keyword",
"ignore_above" : 1024
},
"pod-template-hash" : {
"type" : "keyword",
"ignore_above" : 1024
},
"release" : {
"type" : "keyword",
"ignore_above" : 1024
},
"statefulset_kubernetes_io/pod-name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"tier" : {
"type" : "keyword",
"ignore_above" : 1024
},
"version" : {
"type" : "keyword",
"ignore_above" : 1024
},
"watcher" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"namespace" : {
"type" : "keyword",
"ignore_above" : 1024
},
"node" : {
"properties" : {
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"pod" : {
"properties" : {
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"uid" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"replicaset" : {
"properties" : {
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"statefulset" : {
"properties" : {
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"labels" : {
"type" : "object"
},
"log" : {
"properties" : {
"file" : {
"properties" : {
"path" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"flags" : {
"type" : "keyword",
"ignore_above" : 1024
},
"level" : {
"type" : "keyword",
"ignore_above" : 1024
},
"offset" : {
"type" : "long"
},
"original" : {
"type" : "keyword",
"ignore_above" : 1024
},
"source" : {
"properties" : {
"address" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"logstash" : {
"properties" : {
"log" : {
"properties" : {
"log_event" : {
"type" : "object"
},
"module" : {
"type" : "keyword",
"ignore_above" : 1024
},
"thread" : {
"type" : "keyword",
"fields" : {
"text" : {
"type" : "text",
"norms" : false
}
},
"ignore_above" : 1024
}
}
},
"slowlog" : {
"properties" : {
"event" : {
"type" : "keyword",
"fields" : {
"text" : {
"type" : "text",
"norms" : false
}
},
"ignore_above" : 1024
},
"module" : {
"type" : "keyword",
"ignore_above" : 1024
},
"plugin_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"plugin_params" : {
"type" : "keyword",
"fields" : {
"text" : {
"type" : "text",
"norms" : false
}
},
"ignore_above" : 1024
},
"plugin_params_object" : {
"type" : "object"
},
"plugin_type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"thread" : {
"type" : "keyword",
"fields" : {
"text" : {
"type" : "text",
"norms" : false
}
},
"ignore_above" : 1024
},
"took_in_millis" : {
"type" : "long"
}
}
}
}
},
"message" : {
"type" : "text",
"norms" : false
},
"mongodb" : {
"properties" : {
"log" : {
"properties" : {
"component" : {
"type" : "keyword",
"ignore_above" : 1024
},
"context" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"mysql" : {
"properties" : {
"error" : {
"type" : "object"
},
"slowlog" : {
"properties" : {
"bytes_sent" : {
"type" : "long"
},
"current_user" : {
"type" : "keyword",
"ignore_above" : 1024
},
"filesort" : {
"type" : "boolean"
},
"filesort_on_disk" : {
"type" : "boolean"
},
"full_join" : {
"type" : "boolean"
},
"full_scan" : {
"type" : "boolean"
},
"innodb" : {
"properties" : {
"io_r_bytes" : {
"type" : "long"
},
"io_r_ops" : {
"type" : "long"
},
"io_r_wait" : {
"properties" : {
"sec" : {
"type" : "long"
}
}
},
"pages_distinct" : {
"type" : "long"
},
"queue_wait" : {
"properties" : {
"sec" : {
"type" : "long"
}
}
},
"rec_lock_wait" : {
"properties" : {
"sec" : {
"type" : "long"
}
}
},
"trx_id" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"killed" : {
"type" : "keyword",
"ignore_above" : 1024
},
"last_errno" : {
"type" : "keyword",
"ignore_above" : 1024
},
"lock_time" : {
"properties" : {
"sec" : {
"type" : "float"
}
}
},
"log_slow_rate_limit" : {
"type" : "keyword",
"ignore_above" : 1024
},
"log_slow_rate_type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"merge_passes" : {
"type" : "long"
},
"priority_queue" : {
"type" : "boolean"
},
"query" : {
"type" : "keyword",
"ignore_above" : 1024
},
"query_cache_hit" : {
"type" : "boolean"
},
"rows_affected" : {
"type" : "long"
},
"rows_examined" : {
"type" : "long"
},
"rows_sent" : {
"type" : "long"
},
"schema" : {
"type" : "keyword",
"ignore_above" : 1024
},
"tmp_disk_tables" : {
"type" : "long"
},
"tmp_table" : {
"type" : "boolean"
},
"tmp_table_on_disk" : {
"type" : "boolean"
},
"tmp_table_sizes" : {
"type" : "long"
},
"tmp_tables" : {
"type" : "long"
}
}
},
"thread_id" : {
"type" : "long"
}
}
},
"netflow" : {
"properties" : {
"absolute_error" : {
"type" : "double"
},
"address_pool_high_threshold" : {
"type" : "long"
},
"address_pool_low_threshold" : {
"type" : "long"
},
"address_port_mapping_high_threshold" : {
"type" : "long"
},
"address_port_mapping_low_threshold" : {
"type" : "long"
},
"address_port_mapping_per_user_high_threshold" : {
"type" : "long"
},
"anonymization_flags" : {
"type" : "long"
},
"anonymization_technique" : {
"type" : "long"
},
"application_category_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"application_description" : {
"type" : "keyword",
"ignore_above" : 1024
},
"application_group_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"application_id" : {
"type" : "short"
},
"application_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"application_sub_category_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"bgp_destination_as_number" : {
"type" : "long"
},
"bgp_next_adjacent_as_number" : {
"type" : "long"
},
"bgp_next_hop_ipv4_address" : {
"type" : "ip"
},
"bgp_next_hop_ipv6_address" : {
"type" : "ip"
},
"bgp_prev_adjacent_as_number" : {
"type" : "long"
},
"bgp_source_as_number" : {
"type" : "long"
},
"bgp_validity_state" : {
"type" : "short"
},
"biflow_direction" : {
"type" : "short"
},
"class_id" : {
"type" : "short"
},
"class_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"classification_engine_id" : {
"type" : "short"
},
"collection_time_milliseconds" : {
"type" : "date"
},
"collector_certificate" : {
"type" : "short"
},
"collector_ipv4_address" : {
"type" : "ip"
},
"collector_ipv6_address" : {
"type" : "ip"
},
"collector_transport_port" : {
"type" : "long"
},
"common_properties_id" : {
"type" : "long"
},
"confidence_level" : {
"type" : "double"
},
"connection_sum_duration_seconds" : {
"type" : "long"
},
"connection_transaction_id" : {
"type" : "long"
},
"data_link_frame_section" : {
"type" : "short"
},
"data_link_frame_size" : {
"type" : "long"
},
"data_link_frame_type" : {
"type" : "long"
},
"data_records_reliability" : {
"type" : "boolean"
},
"delta_flow_count" : {
"type" : "long"
},
"destination_ipv4_address" : {
"type" : "ip"
},
"destination_ipv4_prefix" : {
"type" : "ip"
},
"destination_ipv4_prefix_length" : {
"type" : "short"
},
"destination_ipv6_address" : {
"type" : "ip"
},
"destination_ipv6_prefix" : {
"type" : "ip"
},
"destination_ipv6_prefix_length" : {
"type" : "short"
},
"destination_mac_address" : {
"type" : "keyword",
"ignore_above" : 1024
},
"destination_transport_port" : {
"type" : "long"
},
"digest_hash_value" : {
"type" : "long"
},
"distinct_count_of_destinatio_nipa_ddress" : {
"type" : "long"
},
"distinct_count_of_destination_ipv4_address" : {
"type" : "long"
},
"distinct_count_of_destination_ipv6_address" : {
"type" : "long"
},
"distinct_count_of_sourc_eipa_ddress" : {
"type" : "long"
},
"distinct_count_of_source_ipv4_address" : {
"type" : "long"
},
"distinct_count_of_source_ipv6_address" : {
"type" : "long"
},
"dot1q_customer_dei" : {
"type" : "boolean"
},
"dot1q_customer_destination_mac_address" : {
"type" : "keyword",
"ignore_above" : 1024
},
"dot1q_customer_priority" : {
"type" : "short"
},
"dot1q_customer_source_mac_address" : {
"type" : "keyword",
"ignore_above" : 1024
},
"dot1q_customer_vlan_id" : {
"type" : "long"
},
"dot1q_dei" : {
"type" : "boolean"
},
"dot1q_priority" : {
"type" : "short"
},
"dot1q_service_instance_id" : {
"type" : "long"
},
"dot1q_service_instance_priority" : {
"type" : "short"
},
"dot1q_service_instance_tag" : {
"type" : "short"
},
"dot1q_vlan_id" : {
"type" : "long"
},
"dropped_layer2_octet_delta_count" : {
"type" : "long"
},
"dropped_layer2_octet_total_count" : {
"type" : "long"
},
"dropped_octet_delta_count" : {
"type" : "long"
},
"dropped_octet_total_count" : {
"type" : "long"
},
"dropped_packet_delta_count" : {
"type" : "long"
},
"dropped_packet_total_count" : {
"type" : "long"
},
"dst_traffic_index" : {
"type" : "long"
},
"egress_broadcast_packet_total_count" : {
"type" : "long"
},
"egress_interface" : {
"type" : "long"
},
"egress_interface_type" : {
"type" : "long"
},
"egress_physical_interface" : {
"type" : "long"
},
"egress_unicast_packet_total_count" : {
"type" : "long"
},
"egress_vrfid" : {
"type" : "long"
},
"encrypted_technology" : {
"type" : "keyword",
"ignore_above" : 1024
},
"engine_id" : {
"type" : "short"
},
"engine_type" : {
"type" : "short"
},
"ethernet_header_length" : {
"type" : "short"
},
"ethernet_payload_length" : {
"type" : "long"
},
"ethernet_total_length" : {
"type" : "long"
},
"ethernet_type" : {
"type" : "long"
},
"export_interface" : {
"type" : "long"
},
"export_protocol_version" : {
"type" : "short"
},
"export_sctp_stream_id" : {
"type" : "long"
},
"export_transport_protocol" : {
"type" : "short"
},
"exported_flow_record_total_count" : {
"type" : "long"
},
"exported_message_total_count" : {
"type" : "long"
},
"exported_octet_total_count" : {
"type" : "long"
},
"exporter" : {
"properties" : {
"address" : {
"type" : "keyword",
"ignore_above" : 1024
},
"source_id" : {
"type" : "long"
},
"timestamp" : {
"type" : "date"
},
"uptime_millis" : {
"type" : "long"
},
"version" : {
"type" : "long"
}
}
},
"exporter_certificate" : {
"type" : "short"
},
"exporter_ipv4_address" : {
"type" : "ip"
},
"exporter_ipv6_address" : {
"type" : "ip"
},
"exporter_transport_port" : {
"type" : "long"
},
"exporting_process_id" : {
"type" : "long"
},
"external_address_realm" : {
"type" : "short"
},
"firewall_event" : {
"type" : "short"
},
"flags_and_sampler_id" : {
"type" : "long"
},
"flow_active_timeout" : {
"type" : "long"
},
"flow_direction" : {
"type" : "short"
},
"flow_duration_microseconds" : {
"type" : "long"
},
"flow_duration_milliseconds" : {
"type" : "long"
},
"flow_end_delta_microseconds" : {
"type" : "long"
},
"flow_end_microseconds" : {
"type" : "date"
},
"flow_end_milliseconds" : {
"type" : "date"
},
"flow_end_nanoseconds" : {
"type" : "date"
},
"flow_end_reason" : {
"type" : "short"
},
"flow_end_seconds" : {
"type" : "date"
},
"flow_end_sys_up_time" : {
"type" : "long"
},
"flow_id" : {
"type" : "long"
},
"flow_idle_timeout" : {
"type" : "long"
},
"flow_key_indicator" : {
"type" : "long"
},
"flow_label_ipv6" : {
"type" : "long"
},
"flow_sampling_time_interval" : {
"type" : "long"
},
"flow_sampling_time_spacing" : {
"type" : "long"
},
"flow_selected_flow_delta_count" : {
"type" : "long"
},
"flow_selected_octet_delta_count" : {
"type" : "long"
},
"flow_selected_packet_delta_count" : {
"type" : "long"
},
"flow_selector_algorithm" : {
"type" : "long"
},
"flow_start_delta_microseconds" : {
"type" : "long"
},
"flow_start_microseconds" : {
"type" : "date"
},
"flow_start_milliseconds" : {
"type" : "date"
},
"flow_start_nanoseconds" : {
"type" : "date"
},
"flow_start_seconds" : {
"type" : "date"
},
"flow_start_sys_up_time" : {
"type" : "long"
},
"forwarding_status" : {
"type" : "short"
},
"fragment_flags" : {
"type" : "short"
},
"fragment_identification" : {
"type" : "long"
},
"fragment_offset" : {
"type" : "long"
},
"global_address_mapping_high_threshold" : {
"type" : "long"
},
"gre_key" : {
"type" : "long"
},
"hash_digest_output" : {
"type" : "boolean"
},
"hash_flow_domain" : {
"type" : "long"
},
"hash_initialiser_value" : {
"type" : "long"
},
"hash_ipp_ayload_offset" : {
"type" : "long"
},
"hash_ipp_ayload_size" : {
"type" : "long"
},
"hash_output_range_max" : {
"type" : "long"
},
"hash_output_range_min" : {
"type" : "long"
},
"hash_selected_range_max" : {
"type" : "long"
},
"hash_selected_range_min" : {
"type" : "long"
},
"http_content_type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"http_message_version" : {
"type" : "keyword",
"ignore_above" : 1024
},
"http_reason_phrase" : {
"type" : "keyword",
"ignore_above" : 1024
},
"http_request_host" : {
"type" : "keyword",
"ignore_above" : 1024
},
"http_request_method" : {
"type" : "keyword",
"ignore_above" : 1024
},
"http_request_target" : {
"type" : "keyword",
"ignore_above" : 1024
},
"http_status_code" : {
"type" : "long"
},
"http_user_agent" : {
"type" : "keyword",
"ignore_above" : 1024
},
"icmp_code_ipv4" : {
"type" : "short"
},
"icmp_code_ipv6" : {
"type" : "short"
},
"icmp_type_code_ipv4" : {
"type" : "long"
},
"icmp_type_code_ipv6" : {
"type" : "long"
},
"icmp_type_ipv4" : {
"type" : "short"
},
"icmp_type_ipv6" : {
"type" : "short"
},
"igmp_type" : {
"type" : "short"
},
"ignored_data_record_total_count" : {
"type" : "long"
},
"ignored_layer2_frame_total_count" : {
"type" : "long"
},
"ignored_layer2_octet_total_count" : {
"type" : "long"
},
"ignored_octet_total_count" : {
"type" : "long"
},
"ignored_packet_total_count" : {
"type" : "long"
},
"information_element_data_type" : {
"type" : "short"
},
"information_element_description" : {
"type" : "keyword",
"ignore_above" : 1024
},
"information_element_id" : {
"type" : "long"
},
"information_element_index" : {
"type" : "long"
},
"information_element_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"information_element_range_begin" : {
"type" : "long"
},
"information_element_range_end" : {
"type" : "long"
},
"information_element_semantics" : {
"type" : "short"
},
"information_element_units" : {
"type" : "long"
},
"ingress_broadcast_packet_total_count" : {
"type" : "long"
},
"ingress_interface" : {
"type" : "long"
},
"ingress_interface_type" : {
"type" : "long"
},
"ingress_multicast_packet_total_count" : {
"type" : "long"
},
"ingress_physical_interface" : {
"type" : "long"
},
"ingress_unicast_packet_total_count" : {
"type" : "long"
},
"ingress_vrfid" : {
"type" : "long"
},
"initiator_octets" : {
"type" : "long"
},
"initiator_packets" : {
"type" : "long"
},
"interface_description" : {
"type" : "keyword",
"ignore_above" : 1024
},
"interface_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"intermediate_process_id" : {
"type" : "long"
},
"internal_address_realm" : {
"type" : "short"
},
"ip_class_of_service" : {
"type" : "short"
},
"ip_diff_serv_code_point" : {
"type" : "short"
},
"ip_header_length" : {
"type" : "short"
},
"ip_header_packet_section" : {
"type" : "short"
},
"ip_next_hop_ipv4_address" : {
"type" : "ip"
},
"ip_next_hop_ipv6_address" : {
"type" : "ip"
},
"ip_payload_length" : {
"type" : "long"
},
"ip_payload_packet_section" : {
"type" : "short"
},
"ip_precedence" : {
"type" : "short"
},
"ip_sec_spi" : {
"type" : "long"
},
"ip_total_length" : {
"type" : "long"
},
"ip_ttl" : {
"type" : "short"
},
"ip_version" : {
"type" : "short"
},
"ipv4_ihl" : {
"type" : "short"
},
"ipv4_options" : {
"type" : "long"
},
"ipv4_router_sc" : {
"type" : "ip"
},
"ipv6_extension_headers" : {
"type" : "long"
},
"is_multicast" : {
"type" : "short"
},
"layer2_frame_delta_count" : {
"type" : "long"
},
"layer2_frame_total_count" : {
"type" : "long"
},
"layer2_octet_delta_count" : {
"type" : "long"
},
"layer2_octet_delta_sum_of_squares" : {
"type" : "long"
},
"layer2_octet_total_count" : {
"type" : "long"
},
"layer2_octet_total_sum_of_squares" : {
"type" : "long"
},
"layer2_segment_id" : {
"type" : "long"
},
"layer2packet_section_data" : {
"type" : "short"
},
"layer2packet_section_offset" : {
"type" : "long"
},
"layer2packet_section_size" : {
"type" : "long"
},
"line_card_id" : {
"type" : "long"
},
"lower_cli_imit" : {
"type" : "double"
},
"max_bieb_ntries" : {
"type" : "long"
},
"max_entries_per_user" : {
"type" : "long"
},
"max_export_seconds" : {
"type" : "date"
},
"max_flow_end_microseconds" : {
"type" : "date"
},
"max_flow_end_milliseconds" : {
"type" : "date"
},
"max_flow_end_nanoseconds" : {
"type" : "date"
},
"max_flow_end_seconds" : {
"type" : "date"
},
"max_fragments_pending_reassembly" : {
"type" : "long"
},
"max_session_entries" : {
"type" : "long"
},
"max_subscribers" : {
"type" : "long"
},
"maximum_ip_total_length" : {
"type" : "long"
},
"maximum_layer2_total_length" : {
"type" : "long"
},
"maximum_ttl" : {
"type" : "short"
},
"message_md5_checksum" : {
"type" : "short"
},
"message_scope" : {
"type" : "short"
},
"metering_process_id" : {
"type" : "long"
},
"metro_evc_id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"metro_evc_type" : {
"type" : "short"
},
"mib_capture_time_semantics" : {
"type" : "short"
},
"mib_context_engine_id" : {
"type" : "short"
},
"mib_context_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"mib_index_indicator" : {
"type" : "long"
},
"mib_module_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"mib_object_description" : {
"type" : "keyword",
"ignore_above" : 1024
},
"mib_object_identifier" : {
"type" : "short"
},
"mib_object_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"mib_object_syntax" : {
"type" : "keyword",
"ignore_above" : 1024
},
"mib_object_value_bits" : {
"type" : "short"
},
"mib_object_value_counter" : {
"type" : "long"
},
"mib_object_value_gauge" : {
"type" : "long"
},
"mib_object_value_integer" : {
"type" : "long"
},
"mib_object_value_octet_string" : {
"type" : "short"
},
"mib_object_value_oid" : {
"type" : "short"
},
"mib_object_value_time_ticks" : {
"type" : "long"
},
"mib_object_value_unsigned" : {
"type" : "long"
},
"mib_object_valuei_pa_ddress" : {
"type" : "ip"
},
"mib_sub_identifier" : {
"type" : "long"
},
"min_export_seconds" : {
"type" : "date"
},
"min_flow_start_microseconds" : {
"type" : "date"
},
"min_flow_start_milliseconds" : {
"type" : "date"
},
"min_flow_start_nanoseconds" : {
"type" : "date"
},
"min_flow_start_seconds" : {
"type" : "date"
},
"minimum_ip_total_length" : {
"type" : "long"
},
"minimum_layer2_total_length" : {
"type" : "long"
},
"minimum_ttl" : {
"type" : "short"
},
"mobile_imsi" : {
"type" : "keyword",
"ignore_above" : 1024
},
"mobile_msisdn" : {
"type" : "keyword",
"ignore_above" : 1024
},
"monitoring_interval_end_milli_seconds" : {
"type" : "date"
},
"monitoring_interval_start_milli_seconds" : {
"type" : "date"
},
"mpls_label_stack_depth" : {
"type" : "long"
},
"mpls_label_stack_length" : {
"type" : "long"
},
"mpls_label_stack_section" : {
"type" : "short"
},
"mpls_label_stack_section10" : {
"type" : "short"
},
"mpls_label_stack_section2" : {
"type" : "short"
},
"mpls_label_stack_section3" : {
"type" : "short"
},
"mpls_label_stack_section4" : {
"type" : "short"
},
"mpls_label_stack_section5" : {
"type" : "short"
},
"mpls_label_stack_section6" : {
"type" : "short"
},
"mpls_label_stack_section7" : {
"type" : "short"
},
"mpls_label_stack_section8" : {
"type" : "short"
},
"mpls_label_stack_section9" : {
"type" : "short"
},
"mpls_payload_length" : {
"type" : "long"
},
"mpls_payload_packet_section" : {
"type" : "short"
},
"mpls_top_label_exp" : {
"type" : "short"
},
"mpls_top_label_ipv4_address" : {
"type" : "ip"
},
"mpls_top_label_ipv6_address" : {
"type" : "ip"
},
"mpls_top_label_prefix_length" : {
"type" : "short"
},
"mpls_top_label_stack_section" : {
"type" : "short"
},
"mpls_top_label_ttl" : {
"type" : "short"
},
"mpls_top_label_type" : {
"type" : "short"
},
"mpls_vpn_route_distinguisher" : {
"type" : "short"
},
"multicast_replication_factor" : {
"type" : "long"
},
"nat_event" : {
"type" : "short"
},
"nat_instance_id" : {
"type" : "long"
},
"nat_originating_address_realm" : {
"type" : "short"
},
"nat_pool_id" : {
"type" : "long"
},
"nat_pool_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"nat_quota_exceeded_event" : {
"type" : "long"
},
"nat_threshold_event" : {
"type" : "long"
},
"nat_type" : {
"type" : "short"
},
"new_connection_delta_count" : {
"type" : "long"
},
"next_header_ipv6" : {
"type" : "short"
},
"not_sent_flow_total_count" : {
"type" : "long"
},
"not_sent_layer2_octet_total_count" : {
"type" : "long"
},
"not_sent_octet_total_count" : {
"type" : "long"
},
"not_sent_packet_total_count" : {
"type" : "long"
},
"observation_domain_id" : {
"type" : "long"
},
"observation_domain_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"observation_point_id" : {
"type" : "long"
},
"observation_point_type" : {
"type" : "short"
},
"observation_time_microseconds" : {
"type" : "date"
},
"observation_time_milliseconds" : {
"type" : "date"
},
"observation_time_nanoseconds" : {
"type" : "date"
},
"observation_time_seconds" : {
"type" : "date"
},
"observed_flow_total_count" : {
"type" : "long"
},
"octet_delta_count" : {
"type" : "long"
},
"octet_delta_sum_of_squares" : {
"type" : "long"
},
"octet_total_count" : {
"type" : "long"
},
"octet_total_sum_of_squares" : {
"type" : "long"
},
"opaque_octets" : {
"type" : "short"
},
"original_exporter_ipv4_address" : {
"type" : "ip"
},
"original_exporter_ipv6_address" : {
"type" : "ip"
},
"original_flows_completed" : {
"type" : "long"
},
"original_flows_initiated" : {
"type" : "long"
},
"original_flows_present" : {
"type" : "long"
},
"original_observation_domain_id" : {
"type" : "long"
},
"p2p_technology" : {
"type" : "keyword",
"ignore_above" : 1024
},
"packet_delta_count" : {
"type" : "long"
},
"packet_total_count" : {
"type" : "long"
},
"padding_octets" : {
"type" : "short"
},
"payload_length_ipv6" : {
"type" : "long"
},
"port_id" : {
"type" : "long"
},
"port_range_end" : {
"type" : "long"
},
"port_range_num_ports" : {
"type" : "long"
},
"port_range_start" : {
"type" : "long"
},
"port_range_step_size" : {
"type" : "long"
},
"post_destination_mac_address" : {
"type" : "keyword",
"ignore_above" : 1024
},
"post_dot1q_customer_vlan_id" : {
"type" : "long"
},
"post_dot1q_vlan_id" : {
"type" : "long"
},
"post_ip_class_of_service" : {
"type" : "short"
},
"post_ip_diff_serv_code_point" : {
"type" : "short"
},
"post_ip_precedence" : {
"type" : "short"
},
"post_layer2_octet_delta_count" : {
"type" : "long"
},
"post_layer2_octet_total_count" : {
"type" : "long"
},
"post_mcast_layer2_octet_delta_count" : {
"type" : "long"
},
"post_mcast_layer2_octet_total_count" : {
"type" : "long"
},
"post_mcast_octet_delta_count" : {
"type" : "long"
},
"post_mcast_octet_total_count" : {
"type" : "long"
},
"post_mcast_packet_delta_count" : {
"type" : "long"
},
"post_mcast_packet_total_count" : {
"type" : "long"
},
"post_mpls_top_label_exp" : {
"type" : "short"
},
"post_nadt_estination_ipv4_address" : {
"type" : "ip"
},
"post_nadt_estination_ipv6_address" : {
"type" : "ip"
},
"post_napdt_estination_transport_port" : {
"type" : "long"
},
"post_napst_ource_transport_port" : {
"type" : "long"
},
"post_nast_ource_ipv4_address" : {
"type" : "ip"
},
"post_nast_ource_ipv6_address" : {
"type" : "ip"
},
"post_octet_delta_count" : {
"type" : "long"
},
"post_octet_total_count" : {
"type" : "long"
},
"post_packet_delta_count" : {
"type" : "long"
},
"post_packet_total_count" : {
"type" : "long"
},
"post_source_mac_address" : {
"type" : "keyword",
"ignore_above" : 1024
},
"post_vlan_id" : {
"type" : "long"
},
"private_enterprise_number" : {
"type" : "long"
},
"protocol_identifier" : {
"type" : "short"
},
"pseudo_wire_control_word" : {
"type" : "long"
},
"pseudo_wire_destination_ipv4_address" : {
"type" : "ip"
},
"pseudo_wire_id" : {
"type" : "long"
},
"pseudo_wire_type" : {
"type" : "long"
},
"relative_error" : {
"type" : "double"
},
"responder_octets" : {
"type" : "long"
},
"responder_packets" : {
"type" : "long"
},
"rfc3550_jitter_microseconds" : {
"type" : "long"
},
"rfc3550_jitter_milliseconds" : {
"type" : "long"
},
"rfc3550_jitter_nanoseconds" : {
"type" : "long"
},
"rtp_sequence_number" : {
"type" : "long"
},
"sampler_id" : {
"type" : "short"
},
"sampler_mode" : {
"type" : "short"
},
"sampler_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"sampler_random_interval" : {
"type" : "long"
},
"sampling_algorithm" : {
"type" : "short"
},
"sampling_flow_interval" : {
"type" : "long"
},
"sampling_flow_spacing" : {
"type" : "long"
},
"sampling_interval" : {
"type" : "long"
},
"sampling_packet_interval" : {
"type" : "long"
},
"sampling_packet_space" : {
"type" : "long"
},
"sampling_population" : {
"type" : "long"
},
"sampling_probability" : {
"type" : "double"
},
"sampling_size" : {
"type" : "long"
},
"sampling_time_interval" : {
"type" : "long"
},
"sampling_time_space" : {
"type" : "long"
},
"section_exported_octets" : {
"type" : "long"
},
"section_offset" : {
"type" : "long"
},
"selection_sequence_id" : {
"type" : "long"
},
"selector_algorithm" : {
"type" : "long"
},
"selector_id" : {
"type" : "long"
},
"selector_id_total_pkts_observed" : {
"type" : "long"
},
"selector_id_total_pkts_selected" : {
"type" : "long"
},
"selector_itd_otal_flows_observed" : {
"type" : "long"
},
"selector_itd_otal_flows_selected" : {
"type" : "long"
},
"selector_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"session_scope" : {
"type" : "short"
},
"source_ipv4_address" : {
"type" : "ip"
},
"source_ipv4_prefix" : {
"type" : "ip"
},
"source_ipv4_prefix_length" : {
"type" : "short"
},
"source_ipv6_address" : {
"type" : "ip"
},
"source_ipv6_prefix" : {
"type" : "ip"
},
"source_ipv6_prefix_length" : {
"type" : "short"
},
"source_mac_address" : {
"type" : "keyword",
"ignore_above" : 1024
},
"source_transport_port" : {
"type" : "long"
},
"source_transport_ports_limit" : {
"type" : "long"
},
"src_traffic_index" : {
"type" : "long"
},
"sta_ipv4_address" : {
"type" : "ip"
},
"sta_mac_address" : {
"type" : "keyword",
"ignore_above" : 1024
},
"system_init_time_milliseconds" : {
"type" : "date"
},
"tcp_ack_total_count" : {
"type" : "long"
},
"tcp_acknowledgement_number" : {
"type" : "long"
},
"tcp_control_bits" : {
"type" : "long"
},
"tcp_destination_port" : {
"type" : "long"
},
"tcp_fin_total_count" : {
"type" : "long"
},
"tcp_header_length" : {
"type" : "short"
},
"tcp_options" : {
"type" : "long"
},
"tcp_psh_total_count" : {
"type" : "long"
},
"tcp_rst_total_count" : {
"type" : "long"
},
"tcp_sequence_number" : {
"type" : "long"
},
"tcp_source_port" : {
"type" : "long"
},
"tcp_syn_total_count" : {
"type" : "long"
},
"tcp_urg_total_count" : {
"type" : "long"
},
"tcp_urgent_pointer" : {
"type" : "long"
},
"tcp_window_scale" : {
"type" : "long"
},
"tcp_window_size" : {
"type" : "long"
},
"template_id" : {
"type" : "long"
},
"total_length_ipv4" : {
"type" : "long"
},
"transport_octet_delta_count" : {
"type" : "long"
},
"transport_packet_delta_count" : {
"type" : "long"
},
"tunnel_technology" : {
"type" : "keyword",
"ignore_above" : 1024
},
"type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"udp_destination_port" : {
"type" : "long"
},
"udp_message_length" : {
"type" : "long"
},
"udp_source_port" : {
"type" : "long"
},
"upper_cli_imit" : {
"type" : "double"
},
"user_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"value_distribution_method" : {
"type" : "short"
},
"virtual_station_interface_id" : {
"type" : "short"
},
"virtual_station_interface_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"virtual_station_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"virtual_station_uuid" : {
"type" : "short"
},
"vlan_id" : {
"type" : "long"
},
"vpn_identifier" : {
"type" : "short"
},
"vr_fname" : {
"type" : "keyword",
"ignore_above" : 1024
},
"wlan_channel_id" : {
"type" : "short"
},
"wlan_ssid" : {
"type" : "keyword",
"ignore_above" : 1024
},
"wtp_mac_address" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"network" : {
"properties" : {
"application" : {
"type" : "keyword",
"ignore_above" : 1024
},
"bytes" : {
"type" : "long"
},
"community_id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"direction" : {
"type" : "keyword",
"ignore_above" : 1024
},
"forwarded_ip" : {
"type" : "ip"
},
"iana_number" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"packets" : {
"type" : "long"
},
"protocol" : {
"type" : "keyword",
"ignore_above" : 1024
},
"transport" : {
"type" : "keyword",
"ignore_above" : 1024
},
"type" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"nginx" : {
"properties" : {
"access" : {
"properties" : {
"geoip" : {
"type" : "object"
},
"user_agent" : {
"type" : "object"
}
}
},
"error" : {
"properties" : {
"connection_id" : {
"type" : "long"
}
}
}
}
},
"observer" : {
"properties" : {
"geo" : {
"properties" : {
"city_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"continent_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"location" : {
"type" : "geo_point"
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"hostname" : {
"type" : "keyword",
"ignore_above" : 1024
},
"ip" : {
"type" : "ip"
},
"mac" : {
"type" : "keyword",
"ignore_above" : 1024
},
"os" : {
"properties" : {
"family" : {
"type" : "keyword",
"ignore_above" : 1024
},
"full" : {
"type" : "keyword",
"ignore_above" : 1024
},
"kernel" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"platform" : {
"type" : "keyword",
"ignore_above" : 1024
},
"version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"serial_number" : {
"type" : "keyword",
"ignore_above" : 1024
},
"type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"vendor" : {
"type" : "keyword",
"ignore_above" : 1024
},
"version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"organization" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"os" : {
"properties" : {
"family" : {
"type" : "keyword",
"ignore_above" : 1024
},
"full" : {
"type" : "keyword",
"ignore_above" : 1024
},
"kernel" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"platform" : {
"type" : "keyword",
"ignore_above" : 1024
},
"version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"osquery" : {
"properties" : {
"result" : {
"properties" : {
"action" : {
"type" : "keyword",
"ignore_above" : 1024
},
"calendar_time" : {
"type" : "keyword",
"ignore_above" : 1024
},
"host_identifier" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"unix_time" : {
"type" : "long"
}
}
}
}
},
"postgresql" : {
"properties" : {
"log" : {
"properties" : {
"core_id" : {
"type" : "long"
},
"database" : {
"type" : "keyword",
"ignore_above" : 1024
},
"query" : {
"type" : "keyword",
"ignore_above" : 1024
},
"timestamp" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"process" : {
"properties" : {
"args" : {
"type" : "keyword",
"ignore_above" : 1024
},
"executable" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"pid" : {
"type" : "long"
},
"ppid" : {
"type" : "long"
},
"program" : {
"type" : "keyword",
"ignore_above" : 1024
},
"start" : {
"type" : "date"
},
"thread" : {
"properties" : {
"id" : {
"type" : "long"
}
}
},
"title" : {
"type" : "keyword",
"ignore_above" : 1024
},
"working_directory" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"redis" : {
"properties" : {
"log" : {
"properties" : {
"role" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"slowlog" : {
"properties" : {
"args" : {
"type" : "keyword",
"ignore_above" : 1024
},
"cmd" : {
"type" : "keyword",
"ignore_above" : 1024
},
"duration" : {
"properties" : {
"us" : {
"type" : "long"
}
}
},
"id" : {
"type" : "long"
},
"key" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"related" : {
"properties" : {
"ip" : {
"type" : "ip"
}
}
},
"santa" : {
"properties" : {
"action" : {
"type" : "keyword",
"ignore_above" : 1024
},
"decision" : {
"type" : "keyword",
"ignore_above" : 1024
},
"disk" : {
"properties" : {
"bsdname" : {
"type" : "keyword",
"ignore_above" : 1024
},
"bus" : {
"type" : "keyword",
"ignore_above" : 1024
},
"fs" : {
"type" : "keyword",
"ignore_above" : 1024
},
"model" : {
"type" : "keyword",
"ignore_above" : 1024
},
"mount" : {
"type" : "keyword",
"ignore_above" : 1024
},
"serial" : {
"type" : "keyword",
"ignore_above" : 1024
},
"volume" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"mode" : {
"type" : "keyword",
"ignore_above" : 1024
},
"reason" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"server" : {
"properties" : {
"address" : {
"type" : "keyword",
"ignore_above" : 1024
},
"bytes" : {
"type" : "long"
},
"domain" : {
"type" : "keyword",
"ignore_above" : 1024
},
"geo" : {
"properties" : {
"city_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"continent_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"location" : {
"type" : "geo_point"
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"ip" : {
"type" : "ip"
},
"mac" : {
"type" : "keyword",
"ignore_above" : 1024
},
"packets" : {
"type" : "long"
},
"port" : {
"type" : "long"
},
"user" : {
"properties" : {
"email" : {
"type" : "keyword",
"ignore_above" : 1024
},
"full_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"group" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"hash" : {
"type" : "keyword",
"ignore_above" : 1024
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"service" : {
"properties" : {
"ephemeral_id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"state" : {
"type" : "keyword",
"ignore_above" : 1024
},
"type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"source" : {
"properties" : {
"address" : {
"type" : "keyword",
"ignore_above" : 1024
},
"bytes" : {
"type" : "long"
},
"domain" : {
"type" : "keyword",
"ignore_above" : 1024
},
"geo" : {
"properties" : {
"city_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"continent_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"country_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"location" : {
"type" : "geo_point"
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_iso_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"region_name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"ip" : {
"type" : "ip"
},
"mac" : {
"type" : "keyword",
"ignore_above" : 1024
},
"packets" : {
"type" : "long"
},
"port" : {
"type" : "long"
},
"user" : {
"properties" : {
"email" : {
"type" : "keyword",
"ignore_above" : 1024
},
"full_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"group" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"hash" : {
"type" : "keyword",
"ignore_above" : 1024
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"stream" : {
"type" : "keyword",
"ignore_above" : 1024
},
"suricata" : {
"properties" : {
"eve" : {
"properties" : {
"alert" : {
"properties" : {
"action" : {
"type" : "alias",
"path" : "event.outcome"
},
"category" : {
"type" : "keyword",
"ignore_above" : 1024
},
"gid" : {
"type" : "long"
},
"rev" : {
"type" : "long"
},
"severity" : {
"type" : "alias",
"path" : "event.severity"
},
"signature" : {
"type" : "keyword",
"ignore_above" : 1024
},
"signature_id" : {
"type" : "long"
}
}
},
"app_proto" : {
"type" : "alias",
"path" : "network.protocol"
},
"app_proto_expected" : {
"type" : "keyword",
"ignore_above" : 1024
},
"app_proto_orig" : {
"type" : "keyword",
"ignore_above" : 1024
},
"app_proto_tc" : {
"type" : "keyword",
"ignore_above" : 1024
},
"app_proto_ts" : {
"type" : "keyword",
"ignore_above" : 1024
},
"dest_ip" : {
"type" : "alias",
"path" : "destination.ip"
},
"dest_port" : {
"type" : "alias",
"path" : "destination.port"
},
"dns" : {
"properties" : {
"id" : {
"type" : "long"
},
"rcode" : {
"type" : "keyword",
"ignore_above" : 1024
},
"rdata" : {
"type" : "keyword",
"ignore_above" : 1024
},
"rrname" : {
"type" : "keyword",
"ignore_above" : 1024
},
"rrtype" : {
"type" : "keyword",
"ignore_above" : 1024
},
"ttl" : {
"type" : "long"
},
"tx_id" : {
"type" : "long"
},
"type" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"email" : {
"properties" : {
"status" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"event_type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"fileinfo" : {
"properties" : {
"filename" : {
"type" : "alias",
"path" : "file.path"
},
"gaps" : {
"type" : "boolean"
},
"md5" : {
"type" : "keyword",
"ignore_above" : 1024
},
"sha1" : {
"type" : "keyword",
"ignore_above" : 1024
},
"sha256" : {
"type" : "keyword",
"ignore_above" : 1024
},
"size" : {
"type" : "alias",
"path" : "file.size"
},
"state" : {
"type" : "keyword",
"ignore_above" : 1024
},
"stored" : {
"type" : "boolean"
},
"tx_id" : {
"type" : "long"
}
}
},
"flags" : {
"type" : "object"
},
"flow" : {
"properties" : {
"age" : {
"type" : "long"
},
"alerted" : {
"type" : "boolean"
},
"bytes_toclient" : {
"type" : "alias",
"path" : "destination.bytes"
},
"bytes_toserver" : {
"type" : "alias",
"path" : "source.bytes"
},
"end" : {
"type" : "date"
},
"pkts_toclient" : {
"type" : "alias",
"path" : "destination.packets"
},
"pkts_toserver" : {
"type" : "alias",
"path" : "source.packets"
},
"reason" : {
"type" : "keyword",
"ignore_above" : 1024
},
"start" : {
"type" : "alias",
"path" : "event.start"
},
"state" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"flow_id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"http" : {
"properties" : {
"hostname" : {
"type" : "alias",
"path" : "url.domain"
},
"http_content_type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"http_method" : {
"type" : "alias",
"path" : "http.request.method"
},
"http_refer" : {
"type" : "alias",
"path" : "http.request.referrer"
},
"http_user_agent" : {
"type" : "alias",
"path" : "user_agent.original"
},
"length" : {
"type" : "alias",
"path" : "http.response.body.bytes"
},
"protocol" : {
"type" : "keyword",
"ignore_above" : 1024
},
"redirect" : {
"type" : "keyword",
"ignore_above" : 1024
},
"status" : {
"type" : "alias",
"path" : "http.response.status_code"
},
"url" : {
"type" : "alias",
"path" : "url.original"
}
}
},
"icmp_code" : {
"type" : "long"
},
"icmp_type" : {
"type" : "long"
},
"in_iface" : {
"type" : "keyword",
"ignore_above" : 1024
},
"pcap_cnt" : {
"type" : "long"
},
"proto" : {
"type" : "alias",
"path" : "network.transport"
},
"smtp" : {
"properties" : {
"helo" : {
"type" : "keyword",
"ignore_above" : 1024
},
"mail_from" : {
"type" : "keyword",
"ignore_above" : 1024
},
"rcpt_to" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"src_ip" : {
"type" : "alias",
"path" : "source.ip"
},
"src_port" : {
"type" : "alias",
"path" : "source.port"
},
"ssh" : {
"properties" : {
"client" : {
"properties" : {
"proto_version" : {
"type" : "keyword",
"ignore_above" : 1024
},
"software_version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"server" : {
"properties" : {
"proto_version" : {
"type" : "keyword",
"ignore_above" : 1024
},
"software_version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"stats" : {
"properties" : {
"app_layer" : {
"properties" : {
"flow" : {
"properties" : {
"dcerpc_tcp" : {
"type" : "long"
},
"dcerpc_udp" : {
"type" : "long"
},
"dns_tcp" : {
"type" : "long"
},
"dns_udp" : {
"type" : "long"
},
"failed_tcp" : {
"type" : "long"
},
"failed_udp" : {
"type" : "long"
},
"ftp" : {
"type" : "long"
},
"http" : {
"type" : "long"
},
"imap" : {
"type" : "long"
},
"msn" : {
"type" : "long"
},
"smb" : {
"type" : "long"
},
"smtp" : {
"type" : "long"
},
"ssh" : {
"type" : "long"
},
"tls" : {
"type" : "long"
}
}
},
"tx" : {
"properties" : {
"dcerpc_tcp" : {
"type" : "long"
},
"dcerpc_udp" : {
"type" : "long"
},
"dns_tcp" : {
"type" : "long"
},
"dns_udp" : {
"type" : "long"
},
"ftp" : {
"type" : "long"
},
"http" : {
"type" : "long"
},
"smb" : {
"type" : "long"
},
"smtp" : {
"type" : "long"
},
"ssh" : {
"type" : "long"
},
"tls" : {
"type" : "long"
}
}
}
}
},
"capture" : {
"properties" : {
"kernel_drops" : {
"type" : "long"
},
"kernel_ifdrops" : {
"type" : "long"
},
"kernel_packets" : {
"type" : "long"
}
}
},
"decoder" : {
"properties" : {
"avg_pkt_size" : {
"type" : "long"
},
"bytes" : {
"type" : "long"
},
"dce" : {
"properties" : {
"pkt_too_small" : {
"type" : "long"
}
}
},
"erspan" : {
"type" : "long"
},
"ethernet" : {
"type" : "long"
},
"gre" : {
"type" : "long"
},
"icmpv4" : {
"type" : "long"
},
"icmpv6" : {
"type" : "long"
},
"ieee8021ah" : {
"type" : "long"
},
"invalid" : {
"type" : "long"
},
"ipraw" : {
"properties" : {
"invalid_ip_version" : {
"type" : "long"
}
}
},
"ipv4" : {
"type" : "long"
},
"ipv4_in_ipv6" : {
"type" : "long"
},
"ipv6" : {
"type" : "long"
},
"ipv6_in_ipv6" : {
"type" : "long"
},
"ltnull" : {
"properties" : {
"pkt_too_small" : {
"type" : "long"
},
"unsupported_type" : {
"type" : "long"
}
}
},
"max_pkt_size" : {
"type" : "long"
},
"mpls" : {
"type" : "long"
},
"null" : {
"type" : "long"
},
"pkts" : {
"type" : "long"
},
"ppp" : {
"type" : "long"
},
"pppoe" : {
"type" : "long"
},
"raw" : {
"type" : "long"
},
"sctp" : {
"type" : "long"
},
"sll" : {
"type" : "long"
},
"tcp" : {
"type" : "long"
},
"teredo" : {
"type" : "long"
},
"udp" : {
"type" : "long"
},
"vlan" : {
"type" : "long"
},
"vlan_qinq" : {
"type" : "long"
}
}
},
"defrag" : {
"properties" : {
"ipv4" : {
"properties" : {
"fragments" : {
"type" : "long"
},
"reassembled" : {
"type" : "long"
},
"timeouts" : {
"type" : "long"
}
}
},
"ipv6" : {
"properties" : {
"fragments" : {
"type" : "long"
},
"reassembled" : {
"type" : "long"
},
"timeouts" : {
"type" : "long"
}
}
},
"max_frag_hits" : {
"type" : "long"
}
}
},
"detect" : {
"properties" : {
"alert" : {
"type" : "long"
}
}
},
"dns" : {
"properties" : {
"memcap_global" : {
"type" : "long"
},
"memcap_state" : {
"type" : "long"
},
"memuse" : {
"type" : "long"
}
}
},
"file_store" : {
"properties" : {
"open_files" : {
"type" : "long"
}
}
},
"flow" : {
"properties" : {
"emerg_mode_entered" : {
"type" : "long"
},
"emerg_mode_over" : {
"type" : "long"
},
"icmpv4" : {
"type" : "long"
},
"icmpv6" : {
"type" : "long"
},
"memcap" : {
"type" : "long"
},
"memuse" : {
"type" : "long"
},
"spare" : {
"type" : "long"
},
"tcp" : {
"type" : "long"
},
"tcp_reuse" : {
"type" : "long"
},
"udp" : {
"type" : "long"
}
}
},
"flow_mgr" : {
"properties" : {
"bypassed_pruned" : {
"type" : "long"
},
"closed_pruned" : {
"type" : "long"
},
"est_pruned" : {
"type" : "long"
},
"flows_checked" : {
"type" : "long"
},
"flows_notimeout" : {
"type" : "long"
},
"flows_removed" : {
"type" : "long"
},
"flows_timeout" : {
"type" : "long"
},
"flows_timeout_inuse" : {
"type" : "long"
},
"new_pruned" : {
"type" : "long"
},
"rows_busy" : {
"type" : "long"
},
"rows_checked" : {
"type" : "long"
},
"rows_empty" : {
"type" : "long"
},
"rows_maxlen" : {
"type" : "long"
},
"rows_skipped" : {
"type" : "long"
}
}
},
"http" : {
"properties" : {
"memcap" : {
"type" : "long"
},
"memuse" : {
"type" : "long"
}
}
},
"tcp" : {
"properties" : {
"insert_data_normal_fail" : {
"type" : "long"
},
"insert_data_overlap_fail" : {
"type" : "long"
},
"insert_list_fail" : {
"type" : "long"
},
"invalid_checksum" : {
"type" : "long"
},
"memuse" : {
"type" : "long"
},
"no_flow" : {
"type" : "long"
},
"overlap" : {
"type" : "long"
},
"overlap_diff_data" : {
"type" : "long"
},
"pseudo" : {
"type" : "long"
},
"pseudo_failed" : {
"type" : "long"
},
"reassembly_gap" : {
"type" : "long"
},
"reassembly_memuse" : {
"type" : "long"
},
"rst" : {
"type" : "long"
},
"segment_memcap_drop" : {
"type" : "long"
},
"sessions" : {
"type" : "long"
},
"ssn_memcap_drop" : {
"type" : "long"
},
"stream_depth_reached" : {
"type" : "long"
},
"syn" : {
"type" : "long"
},
"synack" : {
"type" : "long"
}
}
},
"uptime" : {
"type" : "long"
}
}
},
"tcp" : {
"properties" : {
"ack" : {
"type" : "boolean"
},
"fin" : {
"type" : "boolean"
},
"psh" : {
"type" : "boolean"
},
"rst" : {
"type" : "boolean"
},
"state" : {
"type" : "keyword",
"ignore_above" : 1024
},
"syn" : {
"type" : "boolean"
},
"tcp_flags" : {
"type" : "keyword",
"ignore_above" : 1024
},
"tcp_flags_tc" : {
"type" : "keyword",
"ignore_above" : 1024
},
"tcp_flags_ts" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"timestamp" : {
"type" : "alias",
"path" : "@timestamp"
},
"tls" : {
"properties" : {
"fingerprint" : {
"type" : "keyword",
"ignore_above" : 1024
},
"issuerdn" : {
"type" : "keyword",
"ignore_above" : 1024
},
"notafter" : {
"type" : "date"
},
"notbefore" : {
"type" : "date"
},
"serial" : {
"type" : "keyword",
"ignore_above" : 1024
},
"session_resumed" : {
"type" : "boolean"
},
"sni" : {
"type" : "keyword",
"ignore_above" : 1024
},
"subject" : {
"type" : "keyword",
"ignore_above" : 1024
},
"version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"tx_id" : {
"type" : "long"
}
}
}
}
},
"syslog" : {
"properties" : {
"facility" : {
"type" : "long"
},
"facility_label" : {
"type" : "keyword",
"ignore_above" : 1024
},
"priority" : {
"type" : "long"
},
"severity_label" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"system" : {
"properties" : {
"auth" : {
"properties" : {
"groupadd" : {
"type" : "object"
},
"ssh" : {
"properties" : {
"dropped_ip" : {
"type" : "ip"
},
"event" : {
"type" : "keyword",
"ignore_above" : 1024
},
"geoip" : {
"type" : "object"
},
"method" : {
"type" : "keyword",
"ignore_above" : 1024
},
"signature" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"sudo" : {
"properties" : {
"command" : {
"type" : "keyword",
"ignore_above" : 1024
},
"error" : {
"type" : "keyword",
"ignore_above" : 1024
},
"pwd" : {
"type" : "keyword",
"ignore_above" : 1024
},
"tty" : {
"type" : "keyword",
"ignore_above" : 1024
},
"user" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"useradd" : {
"properties" : {
"home" : {
"type" : "keyword",
"ignore_above" : 1024
},
"shell" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"syslog" : {
"type" : "object"
}
}
},
"tags" : {
"type" : "keyword",
"ignore_above" : 1024
},
"traefik" : {
"properties" : {
"access" : {
"properties" : {
"backend_url" : {
"type" : "keyword",
"ignore_above" : 1024
},
"frontend_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"geoip" : {
"properties" : {
"city_name" : {
"type" : "alias",
"path" : "source.geo.city_name"
},
"continent_name" : {
"type" : "alias",
"path" : "source.geo.continent_name"
},
"country_iso_code" : {
"type" : "alias",
"path" : "source.geo.country_iso_code"
},
"location" : {
"type" : "alias",
"path" : "source.geo.location"
},
"region_iso_code" : {
"type" : "alias",
"path" : "source.geo.region_iso_code"
},
"region_name" : {
"type" : "alias",
"path" : "source.geo.region_name"
}
}
},
"request_count" : {
"type" : "long"
},
"user_agent" : {
"properties" : {
"device" : {
"type" : "alias",
"path" : "user_agent.device.name"
},
"name" : {
"type" : "alias",
"path" : "user_agent.name"
},
"original" : {
"type" : "alias",
"path" : "user_agent.original"
},
"os" : {
"type" : "alias",
"path" : "user_agent.os.full_name"
},
"os_name" : {
"type" : "alias",
"path" : "user_agent.os.name"
}
}
},
"user_identifier" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
},
"url" : {
"properties" : {
"domain" : {
"type" : "keyword",
"ignore_above" : 1024
},
"fragment" : {
"type" : "keyword",
"ignore_above" : 1024
},
"full" : {
"type" : "keyword",
"ignore_above" : 1024
},
"original" : {
"type" : "keyword",
"ignore_above" : 1024
},
"password" : {
"type" : "keyword",
"ignore_above" : 1024
},
"path" : {
"type" : "keyword",
"ignore_above" : 1024
},
"port" : {
"type" : "long"
},
"query" : {
"type" : "keyword",
"ignore_above" : 1024
},
"scheme" : {
"type" : "keyword",
"ignore_above" : 1024
},
"username" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"user" : {
"properties" : {
"audit" : {
"properties" : {
"group" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"effective" : {
"properties" : {
"group" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"email" : {
"type" : "keyword",
"ignore_above" : 1024
},
"filesystem" : {
"properties" : {
"group" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"full_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"group" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"hash" : {
"type" : "keyword",
"ignore_above" : 1024
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"owner" : {
"properties" : {
"group" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"saved" : {
"properties" : {
"group" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"terminal" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"user_agent" : {
"properties" : {
"device" : {
"properties" : {
"name" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"original" : {
"type" : "keyword",
"ignore_above" : 1024
},
"os" : {
"properties" : {
"family" : {
"type" : "keyword",
"ignore_above" : 1024
},
"full" : {
"type" : "keyword",
"ignore_above" : 1024
},
"full_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"kernel" : {
"type" : "keyword",
"ignore_above" : 1024
},
"name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"platform" : {
"type" : "keyword",
"ignore_above" : 1024
},
"version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"zeek" : {
"properties" : {
"connection" : {
"properties" : {
"history" : {
"type" : "keyword",
"ignore_above" : 1024
},
"inner_vlan" : {
"type" : "long"
},
"local_orig" : {
"type" : "boolean"
},
"local_resp" : {
"type" : "boolean"
},
"missed_bytes" : {
"type" : "long"
},
"orig_l2_addr" : {
"type" : "keyword",
"ignore_above" : 1024
},
"resp_l2_addr" : {
"type" : "keyword",
"ignore_above" : 1024
},
"state" : {
"type" : "keyword",
"ignore_above" : 1024
},
"vlan" : {
"type" : "long"
}
}
},
"dns" : {
"properties" : {
"AA" : {
"type" : "boolean"
},
"RA" : {
"type" : "boolean"
},
"RD" : {
"type" : "boolean"
},
"TC" : {
"type" : "boolean"
},
"TTLs" : {
"type" : "double"
},
"answers" : {
"type" : "keyword",
"ignore_above" : 1024
},
"qclass" : {
"type" : "long"
},
"qclass_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"qtype" : {
"type" : "long"
},
"qtype_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"query" : {
"type" : "keyword",
"ignore_above" : 1024
},
"rcode" : {
"type" : "long"
},
"rcode_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"rejected" : {
"type" : "boolean"
},
"rtt" : {
"type" : "double"
},
"saw_query" : {
"type" : "boolean"
},
"saw_reply" : {
"type" : "boolean"
},
"total_answers" : {
"type" : "long"
},
"total_replies" : {
"type" : "long"
},
"trans_id" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"files" : {
"properties" : {
"analyzers" : {
"type" : "keyword",
"ignore_above" : 1024
},
"depth" : {
"type" : "long"
},
"duration" : {
"type" : "double"
},
"entropy" : {
"type" : "double"
},
"extracted" : {
"type" : "keyword",
"ignore_above" : 1024
},
"extracted_cutoff" : {
"type" : "boolean"
},
"extracted_size" : {
"type" : "long"
},
"filename" : {
"type" : "keyword",
"ignore_above" : 1024
},
"fuid" : {
"type" : "keyword",
"ignore_above" : 1024
},
"is_orig" : {
"type" : "boolean"
},
"local_orig" : {
"type" : "boolean"
},
"md5" : {
"type" : "keyword",
"ignore_above" : 1024
},
"mime_type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"missing_bytes" : {
"type" : "long"
},
"overflow_bytes" : {
"type" : "long"
},
"parent_fuid" : {
"type" : "keyword",
"ignore_above" : 1024
},
"rx_host" : {
"type" : "ip"
},
"seen_bytes" : {
"type" : "long"
},
"session_ids" : {
"type" : "keyword",
"ignore_above" : 1024
},
"sha1" : {
"type" : "keyword",
"ignore_above" : 1024
},
"sha256" : {
"type" : "keyword",
"ignore_above" : 1024
},
"source" : {
"type" : "keyword",
"ignore_above" : 1024
},
"timedout" : {
"type" : "boolean"
},
"total_bytes" : {
"type" : "long"
},
"tx_host" : {
"type" : "ip"
}
}
},
"fnotice" : {
"properties" : {
"file" : {
"properties" : {
"total_bytes" : {
"type" : "long"
}
}
}
}
},
"http" : {
"properties" : {
"captured_password" : {
"type" : "boolean"
},
"client_header_names" : {
"type" : "keyword",
"ignore_above" : 1024
},
"info_code" : {
"type" : "long"
},
"info_msg" : {
"type" : "keyword",
"ignore_above" : 1024
},
"orig_filenames" : {
"type" : "keyword",
"ignore_above" : 1024
},
"orig_fuids" : {
"type" : "keyword",
"ignore_above" : 1024
},
"orig_mime_depth" : {
"type" : "long"
},
"orig_mime_types" : {
"type" : "keyword",
"ignore_above" : 1024
},
"password" : {
"type" : "keyword",
"ignore_above" : 1024
},
"proxied" : {
"type" : "keyword",
"ignore_above" : 1024
},
"range_request" : {
"type" : "boolean"
},
"resp_filenames" : {
"type" : "keyword",
"ignore_above" : 1024
},
"resp_fuids" : {
"type" : "keyword",
"ignore_above" : 1024
},
"resp_mime_depth" : {
"type" : "long"
},
"resp_mime_types" : {
"type" : "keyword",
"ignore_above" : 1024
},
"server_header_names" : {
"type" : "keyword",
"ignore_above" : 1024
},
"status_msg" : {
"type" : "keyword",
"ignore_above" : 1024
},
"tags" : {
"type" : "keyword",
"ignore_above" : 1024
},
"trans_depth" : {
"type" : "long"
}
}
},
"notice" : {
"properties" : {
"actions" : {
"type" : "keyword",
"ignore_above" : 1024
},
"connection_id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"dropped" : {
"type" : "boolean"
},
"email_body_sections" : {
"type" : "text",
"norms" : false
},
"email_delay_tokens" : {
"type" : "keyword",
"ignore_above" : 1024
},
"file" : {
"properties" : {
"id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"is_orig" : {
"type" : "boolean"
},
"mime_type" : {
"type" : "keyword",
"ignore_above" : 1024
},
"missing_bytes" : {
"type" : "long"
},
"overflow_bytes" : {
"type" : "long"
},
"parent_id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"seen_bytes" : {
"type" : "long"
},
"source" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
},
"fuid" : {
"type" : "keyword",
"ignore_above" : 1024
},
"icmp_id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"identifier" : {
"type" : "keyword",
"ignore_above" : 1024
},
"msg" : {
"type" : "keyword",
"ignore_above" : 1024
},
"n" : {
"type" : "long"
},
"note" : {
"type" : "keyword",
"ignore_above" : 1024
},
"peer_descr" : {
"type" : "text",
"norms" : false
},
"peer_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"sub" : {
"type" : "keyword",
"ignore_above" : 1024
},
"suppress_for" : {
"type" : "double"
}
}
},
"session_id" : {
"type" : "keyword",
"ignore_above" : 1024
},
"ssl" : {
"properties" : {
"cert_chain" : {
"type" : "keyword",
"ignore_above" : 1024
},
"cert_chain_fuids" : {
"type" : "keyword",
"ignore_above" : 1024
},
"cipher" : {
"type" : "keyword",
"ignore_above" : 1024
},
"client_cert_chain" : {
"type" : "keyword",
"ignore_above" : 1024
},
"client_cert_chain_fuids" : {
"type" : "keyword",
"ignore_above" : 1024
},
"client_issuer" : {
"type" : "keyword",
"ignore_above" : 1024
},
"client_subject" : {
"type" : "keyword",
"ignore_above" : 1024
},
"curve" : {
"type" : "keyword",
"ignore_above" : 1024
},
"established" : {
"type" : "boolean"
},
"issuer" : {
"type" : "keyword",
"ignore_above" : 1024
},
"last_alert" : {
"type" : "keyword",
"ignore_above" : 1024
},
"next_protocol" : {
"type" : "keyword",
"ignore_above" : 1024
},
"resumed" : {
"type" : "boolean"
},
"server_name" : {
"type" : "keyword",
"ignore_above" : 1024
},
"subject" : {
"type" : "keyword",
"ignore_above" : 1024
},
"validation_code" : {
"type" : "keyword",
"ignore_above" : 1024
},
"validation_status" : {
"type" : "keyword",
"ignore_above" : 1024
},
"version" : {
"type" : "keyword",
"ignore_above" : 1024
}
}
}
}
}
}
}
}
}
I ingested the document you provided above in a 7.3.0 BC1 and it worked for me:
I wonder if it has something to do with the 7.0.0 filebeat mapping. :thinking:
It works for me even with a 7.0.0 mapping. Could you provide the response to the GraphQL query LogEntryHighlightsQuery? The whole HAR would also work, of course.
Here are the three GraphQL requests that are fired:
Thanks for sharing the HARs. According to the responses, Elasticsearch really doesn't highlight anything in these messages. Do the log entries show up correctly if you filter for the same terms in the filter bar?
No... Looks like it's a mapping issue then.
Looks like I screwed up... The script I'm using to scrape filebeat logs was adding an index setting for index.query.default_field that didn't include the message field. That prevented highlighting and the match_phrase query from working.
human 1 - bot 0
Kibana version:
7.3.0 BC1
Elasticsearch version:
7.3.0 BC1
Original install method (e.g. download page, yum, from source, etc.):
Download and run build candidate locally
Describe the bug:
While testing #39569, I indexed some log lines from the internal infra team. When I try to highlight a word (like in the screenshot below), nothing happens.