{
|
|
"template": "threatline*",
|
|
"settings" : {
|
|
"index" : {
|
|
"number_of_shards" : 3,
|
|
"number_of_replicas" : 2
|
|
}
|
|
},
|
|
"mappings": {
|
|
"capture_loss": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"acks": {
|
|
"type": "long"
|
|
},
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"gaps": {
|
|
"type": "long"
|
|
},
|
|
"peer": {
|
|
"type": "keyword"
|
|
},
|
|
"percent_lost": {
|
|
"type": "double"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"ts_delta": {
|
|
"type": "double"
|
|
}
|
|
}
|
|
},
|
|
"communication": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"connected_peer_addr": {
|
|
"type": "ip"
|
|
},
|
|
"connected_peer_desc": {
|
|
"type": "keyword"
|
|
},
|
|
"connected_peer_port": {
|
|
"type": "keyword"
|
|
},
|
|
"level": {
|
|
"type": "keyword"
|
|
},
|
|
"message": {
|
|
"type": "keyword"
|
|
},
|
|
"peer": {
|
|
"type": "keyword"
|
|
},
|
|
"src_name": {
|
|
"type": "keyword"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
}
|
|
}
|
|
},
|
|
"conn": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"conn_state": {
|
|
"type": "keyword"
|
|
},
|
|
"duration": {
|
|
"type": "double"
|
|
},
|
|
"enrichment": {
|
|
"properties": {
|
|
"ip": {
|
|
"properties": {
|
|
"asn_country_code": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"asn_desc": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"asn_num": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"network": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"whois": {
|
|
"properties": {
|
|
"email": {
|
|
"properties": {
|
|
"value": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
}
|
|
}
|
|
},
|
|
"kind": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"name": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"phone": {
|
|
"properties": {
|
|
"type": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"value": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"enrichmment": {
|
|
"type": "object"
|
|
},
|
|
"history": {
|
|
"type": "keyword"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"local_orig": {
|
|
"type": "boolean"
|
|
},
|
|
"local_resp": {
|
|
"type": "boolean"
|
|
},
|
|
"missed_bytes": {
|
|
"type": "long"
|
|
},
|
|
"orig_bytes": {
|
|
"type": "long"
|
|
},
|
|
"orig_ip_bytes": {
|
|
"type": "long"
|
|
},
|
|
"orig_l2_addr": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"orig_pkts": {
|
|
"type": "long"
|
|
},
|
|
"proto": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_bytes": {
|
|
"type": "long"
|
|
},
|
|
"resp_ip_bytes": {
|
|
"type": "long"
|
|
},
|
|
"resp_l2_addr": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"resp_pkts": {
|
|
"type": "long"
|
|
},
|
|
"service": {
|
|
"type": "keyword"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"tunnel_parents": {
|
|
"type": "keyword"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"dns": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"AA": {
|
|
"type": "boolean"
|
|
},
|
|
"RA": {
|
|
"type": "boolean"
|
|
},
|
|
"RD": {
|
|
"type": "boolean"
|
|
},
|
|
"TC": {
|
|
"type": "boolean"
|
|
},
|
|
"TTLs": {
|
|
"type": "double"
|
|
},
|
|
"Z": {
|
|
"type": "long"
|
|
},
|
|
"answers": {
|
|
"type": "keyword"
|
|
},
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"proto": {
|
|
"type": "keyword"
|
|
},
|
|
"qclass": {
|
|
"type": "long"
|
|
},
|
|
"qclass_name": {
|
|
"type": "keyword"
|
|
},
|
|
"qtype": {
|
|
"type": "long"
|
|
},
|
|
"qtype_name": {
|
|
"type": "keyword"
|
|
},
|
|
"query": {
|
|
"type": "keyword"
|
|
},
|
|
"rcode": {
|
|
"type": "long"
|
|
},
|
|
"rcode_name": {
|
|
"type": "keyword"
|
|
},
|
|
"rejected": {
|
|
"type": "boolean"
|
|
},
|
|
"rtt": {
|
|
"type": "double"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"trans_id": {
|
|
"type": "long"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"dpd": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"analyzer": {
|
|
"type": "keyword"
|
|
},
|
|
"failure_reason": {
|
|
"type": "keyword"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"proto": {
|
|
"type": "keyword"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"files": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"analyzers": {
|
|
"type": "keyword"
|
|
},
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"conn_uids": {
|
|
"type": "keyword"
|
|
},
|
|
"depth": {
|
|
"type": "long"
|
|
},
|
|
"duration": {
|
|
"type": "double"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"extracted": {
|
|
"type": "keyword"
|
|
},
|
|
"extracted_cutoff": {
|
|
"type": "boolean"
|
|
},
|
|
"extracted_size": {
|
|
"type": "long"
|
|
},
|
|
"filename": {
|
|
"type": "keyword"
|
|
},
|
|
"fuid": {
|
|
"type": "keyword"
|
|
},
|
|
"is_orig": {
|
|
"type": "boolean"
|
|
},
|
|
"local_orig": {
|
|
"type": "boolean"
|
|
},
|
|
"md5": {
|
|
"type": "keyword"
|
|
},
|
|
"mime_type": {
|
|
"type": "keyword"
|
|
},
|
|
"missing_bytes": {
|
|
"type": "long"
|
|
},
|
|
"overflow_bytes": {
|
|
"type": "long"
|
|
},
|
|
"parent_fuid": {
|
|
"type": "keyword"
|
|
},
|
|
"rx_hosts": {
|
|
"type": "ip"
|
|
},
|
|
"seen_bytes": {
|
|
"type": "long"
|
|
},
|
|
"sha1": {
|
|
"type": "keyword"
|
|
},
|
|
"sha256": {
|
|
"type": "keyword"
|
|
},
|
|
"source": {
|
|
"type": "keyword"
|
|
},
|
|
"timedout": {
|
|
"type": "boolean"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"total_bytes": {
|
|
"type": "long"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"tx_hosts": {
|
|
"type": "ip"
|
|
}
|
|
}
|
|
},
|
|
"http": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"host": {
|
|
"type": "keyword"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"info_code": {
|
|
"type": "long"
|
|
},
|
|
"info_msg": {
|
|
"type": "keyword"
|
|
},
|
|
"method": {
|
|
"type": "keyword"
|
|
},
|
|
"orig_filenames": {
|
|
"type": "keyword"
|
|
},
|
|
"orig_fuids": {
|
|
"type": "keyword"
|
|
},
|
|
"orig_mime_types": {
|
|
"type": "keyword"
|
|
},
|
|
"password": {
|
|
"type": "keyword"
|
|
},
|
|
"proxied": {
|
|
"type": "keyword"
|
|
},
|
|
"referrer": {
|
|
"type": "keyword"
|
|
},
|
|
"request_body_len": {
|
|
"type": "long"
|
|
},
|
|
"resp_filenames": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_fuids": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_mime_types": {
|
|
"type": "keyword"
|
|
},
|
|
"response_body_len": {
|
|
"type": "long"
|
|
},
|
|
"status_code": {
|
|
"type": "long"
|
|
},
|
|
"status_msg": {
|
|
"type": "keyword"
|
|
},
|
|
"tags": {
|
|
"type": "keyword"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"trans_depth": {
|
|
"type": "long"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
},
|
|
"uri": {
|
|
"type": "keyword"
|
|
},
|
|
"user_agent": {
|
|
"type": "keyword"
|
|
},
|
|
"username": {
|
|
"type": "keyword"
|
|
},
|
|
"version": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"loaded_scripts": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
}
|
|
}
|
|
},
|
|
"notice": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"actions": {
|
|
"type": "keyword"
|
|
},
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"dropped": {
|
|
"type": "boolean"
|
|
},
|
|
"dst": {
|
|
"type": "ip"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"file_desc": {
|
|
"type": "keyword"
|
|
},
|
|
"file_mime_type": {
|
|
"type": "keyword"
|
|
},
|
|
"fuid": {
|
|
"type": "keyword"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"msg": {
|
|
"type": "keyword"
|
|
},
|
|
"n": {
|
|
"type": "long"
|
|
},
|
|
"note": {
|
|
"type": "keyword"
|
|
},
|
|
"p": {
|
|
"type": "keyword"
|
|
},
|
|
"peer_descr": {
|
|
"type": "keyword"
|
|
},
|
|
"proto": {
|
|
"type": "keyword"
|
|
},
|
|
"remote_location": {
|
|
"properties": {
|
|
"city": {
|
|
"type": "keyword"
|
|
},
|
|
"country_code": {
|
|
"type": "keyword"
|
|
},
|
|
"latitude": {
|
|
"type": "double"
|
|
},
|
|
"longitude": {
|
|
"type": "double"
|
|
},
|
|
"region": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"src": {
|
|
"type": "ip"
|
|
},
|
|
"sub": {
|
|
"type": "keyword"
|
|
},
|
|
"suppress_for": {
|
|
"type": "double"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"packet_filter": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"filter": {
|
|
"type": "keyword"
|
|
},
|
|
"init": {
|
|
"type": "boolean"
|
|
},
|
|
"node": {
|
|
"type": "keyword"
|
|
},
|
|
"success": {
|
|
"type": "boolean"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
}
|
|
}
|
|
},
|
|
"pe": {
|
|
"properties": {
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"compile_ts": {
|
|
"type": "float"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"has_cert_table": {
|
|
"type": "boolean"
|
|
},
|
|
"has_debug_data": {
|
|
"type": "boolean"
|
|
},
|
|
"has_export_table": {
|
|
"type": "boolean"
|
|
},
|
|
"has_import_table": {
|
|
"type": "boolean"
|
|
},
|
|
"is_64bit": {
|
|
"type": "boolean"
|
|
},
|
|
"is_exe": {
|
|
"type": "boolean"
|
|
},
|
|
"machine": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"os": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"section_names": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"subsystem": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
},
|
|
"uses_aslr": {
|
|
"type": "boolean"
|
|
},
|
|
"uses_code_integrity": {
|
|
"type": "boolean"
|
|
},
|
|
"uses_dep": {
|
|
"type": "boolean"
|
|
},
|
|
"uses_seh": {
|
|
"type": "boolean"
|
|
}
|
|
}
|
|
},
|
|
"rdp": {
|
|
"properties": {
|
|
"cert_count": {
|
|
"type": "long"
|
|
},
|
|
"cookie": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"result": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"security_protocol": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"reporter": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"level": {
|
|
"type": "keyword"
|
|
},
|
|
"location": {
|
|
"type": "keyword"
|
|
},
|
|
"message": {
|
|
"type": "keyword"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
}
|
|
}
|
|
},
|
|
"smb_files": {
|
|
"properties": {
|
|
"action": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"fuid": {
|
|
"type": "keyword"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"path": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"prev_name": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"size": {
|
|
"type": "long"
|
|
},
|
|
"times": {
|
|
"properties": {
|
|
"accessed": {
|
|
"type": "float"
|
|
},
|
|
"changed": {
|
|
"type": "float"
|
|
},
|
|
"created": {
|
|
"type": "float"
|
|
},
|
|
"modified": {
|
|
"type": "float"
|
|
}
|
|
}
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"smb_mapping": {
|
|
"properties": {
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"path": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"share_type": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"smtp": {
|
|
"properties": {
|
|
"cc": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"date": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"first_received": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"from": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"fuids": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"helo": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"in_reply_to": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"is_webmail": {
|
|
"type": "boolean"
|
|
},
|
|
"last_reply": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"mailfrom": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"msg_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"path": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"rcptto": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"reply_to": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"subject": {
|
|
"type": "keyword"
|
|
},
|
|
"tls": {
|
|
"type": "boolean"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"to": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"trans_depth": {
|
|
"type": "long"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
},
|
|
"user_agent": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"snmp": {
|
|
"properties": {
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"community": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"duration": {
|
|
"type": "double"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"get_bulk_requests": {
|
|
"type": "long"
|
|
},
|
|
"get_requests": {
|
|
"type": "long"
|
|
},
|
|
"get_responses": {
|
|
"type": "long"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"set_requests": {
|
|
"type": "long"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
},
|
|
"version": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"software": {
|
|
"properties": {
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"host": {
|
|
"type": "keyword"
|
|
},
|
|
"host_p": {
|
|
"type": "long"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"software_type": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"unparsed_version": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"version_addl": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"version_major": {
|
|
"type": "long"
|
|
},
|
|
"version_minor": {
|
|
"type": "long"
|
|
},
|
|
"version_minor2": {
|
|
"type": "long"
|
|
},
|
|
"version_minor3": {
|
|
"type": "long"
|
|
}
|
|
}
|
|
},
|
|
"ssh": {
|
|
"properties": {
|
|
"auth_attempts": {
|
|
"type": "long"
|
|
},
|
|
"auth_success": {
|
|
"type": "boolean"
|
|
},
|
|
"cipher_alg": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"client": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"compression_alg": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"host_key": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"host_key_alg": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"kex_alg": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"mac_alg": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"server": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
},
|
|
"version": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"ssl": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"cert_chain_fuids": {
|
|
"type": "keyword"
|
|
},
|
|
"cipher": {
|
|
"type": "keyword"
|
|
},
|
|
"client_cert_chain_fuids": {
|
|
"type": "keyword"
|
|
},
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"client_issuer": {
|
|
"type": "keyword"
|
|
},
|
|
"client_subject": {
|
|
"type": "keyword"
|
|
},
|
|
"curve": {
|
|
"type": "keyword"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"established": {
|
|
"type": "boolean"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"issuer": {
|
|
"type": "keyword"
|
|
},
|
|
"last_alert": {
|
|
"type": "keyword"
|
|
},
|
|
"next_protocol": {
|
|
"type": "keyword"
|
|
},
|
|
"resumed": {
|
|
"type": "boolean"
|
|
},
|
|
"server_name": {
|
|
"type": "keyword"
|
|
},
|
|
"subject": {
|
|
"type": "keyword"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
},
|
|
"validation_status": {
|
|
"type": "keyword"
|
|
},
|
|
"version": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"stats": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"active_dns_requests": {
|
|
"type": "long"
|
|
},
|
|
"active_files": {
|
|
"type": "long"
|
|
},
|
|
"active_icmp_conns": {
|
|
"type": "long"
|
|
},
|
|
"active_tcp_conns": {
|
|
"type": "long"
|
|
},
|
|
"active_timers": {
|
|
"type": "long"
|
|
},
|
|
"active_udp_conns": {
|
|
"type": "long"
|
|
},
|
|
"bytes_recv": {
|
|
"type": "long"
|
|
},
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"dns_requests": {
|
|
"type": "long"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"events_proc": {
|
|
"type": "long"
|
|
},
|
|
"events_queued": {
|
|
"type": "long"
|
|
},
|
|
"files": {
|
|
"type": "long"
|
|
},
|
|
"icmp_conns": {
|
|
"type": "long"
|
|
},
|
|
"mem": {
|
|
"type": "long"
|
|
},
|
|
"peer": {
|
|
"type": "keyword"
|
|
},
|
|
"pkt_lag": {
|
|
"type": "double"
|
|
},
|
|
"pkts_dropped": {
|
|
"type": "long"
|
|
},
|
|
"pkts_link": {
|
|
"type": "long"
|
|
},
|
|
"pkts_proc": {
|
|
"type": "long"
|
|
},
|
|
"reassem_file_size": {
|
|
"type": "long"
|
|
},
|
|
"reassem_frag_size": {
|
|
"type": "long"
|
|
},
|
|
"reassem_tcp_size": {
|
|
"type": "long"
|
|
},
|
|
"reassem_unknown_size": {
|
|
"type": "long"
|
|
},
|
|
"tcp_conns": {
|
|
"type": "long"
|
|
},
|
|
"timers": {
|
|
"type": "long"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"udp_conns": {
|
|
"type": "long"
|
|
}
|
|
}
|
|
},
|
|
"tunnel": {
|
|
"properties": {
|
|
"action": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"tunnel_type": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"weird": {
|
|
"_all": {
|
|
"enabled": false
|
|
},
|
|
"properties": {
|
|
"addl": {
|
|
"type": "keyword"
|
|
},
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"id": {
|
|
"properties": {
|
|
"orig_h": {
|
|
"type": "ip"
|
|
},
|
|
"orig_p": {
|
|
"type": "keyword"
|
|
},
|
|
"resp_h": {
|
|
"type": "ip"
|
|
},
|
|
"resp_p": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"notice": {
|
|
"type": "boolean"
|
|
},
|
|
"peer": {
|
|
"type": "keyword"
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"x509": {
|
|
"properties": {
|
|
"basic_constraints": {
|
|
"properties": {
|
|
"ca": {
|
|
"type": "boolean"
|
|
},
|
|
"path_len": {
|
|
"type": "long"
|
|
}
|
|
}
|
|
},
|
|
"certificate": {
|
|
"properties": {
|
|
"curve": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"exponent": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"issuer": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"key_alg": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"key_length": {
|
|
"type": "long"
|
|
},
|
|
"key_type": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"not_valid_after": {
|
|
"type": "float"
|
|
},
|
|
"not_valid_before": {
|
|
"type": "float"
|
|
},
|
|
"serial": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"sig_alg": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"subject": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"version": {
|
|
"type": "long"
|
|
}
|
|
}
|
|
},
|
|
"client_id": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"enrichment": {
|
|
"type": "object"
|
|
},
|
|
"san": {
|
|
"properties": {
|
|
"dns": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"email": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
}
|
|
}
|
|
},
|
|
"tltype": {
|
|
"fields": {
|
|
"keyword": {
|
|
"ignore_above": 256,
|
|
"type": "keyword"
|
|
}
|
|
},
|
|
"type": "text"
|
|
},
|
|
"ts": {
|
|
"format": "epoch_second",
|
|
"type": "date"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|