diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index c2eed4794c2..b3893d2c828 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -72,6 +72,7 @@ https://github.com/elastic/beats/compare/v5.0.0-alpha1...master[Check the HEAD d - Configuration options and CLI flags for setting the home, data and config paths. {pull}1373[1373] - Configuration options and CLI flags for setting the default logs path. {pull}1437[1437] - Update to Go 1.6.2 {pull}1447[1447] +- Add Elasticsearch template files compatible with Elasticsearch 2.x. {pull}1501[1501] *Packetbeat* diff --git a/dev-tools/packer/platforms/binary/run.sh.j2 b/dev-tools/packer/platforms/binary/run.sh.j2 index c6de5cb9d04..6df168ecaf6 100644 --- a/dev-tools/packer/platforms/binary/run.sh.j2 +++ b/dev-tools/packer/platforms/binary/run.sh.j2 @@ -15,6 +15,7 @@ cp -a homedirs/{{.beat_name}}/. /{{.beat_name}}-${VERSION}-{{.bin_arch}}/ cp {{.beat_name}}-linux-{{.arch}} /{{.beat_name}}-${VERSION}-{{.bin_arch}}/{{.beat_name}} cp {{.beat_name}}-binary.yml /{{.beat_name}}-${VERSION}-{{.bin_arch}}/{{.beat_name}}.yml cp {{.beat_name}}.template.json /{{.beat_name}}-${VERSION}-{{.bin_arch}}/ +cp {{.beat_name}}.template-es2x.json /{{.beat_name}}-${VERSION}-{{.bin_arch}}/ mkdir -p upload/{{.beat_name}} tar czvf upload/{{.beat_name}}/{{.beat_name}}-${VERSION}-{{.bin_arch}}.tar.gz /{{.beat_name}}-${VERSION}-{{.bin_arch}} diff --git a/dev-tools/packer/platforms/centos/run.sh.j2 b/dev-tools/packer/platforms/centos/run.sh.j2 index 1ae74cd03b4..6c7a34191e8 100644 --- a/dev-tools/packer/platforms/centos/run.sh.j2 +++ b/dev-tools/packer/platforms/centos/run.sh.j2 
@@ -36,6 +36,7 @@ fpm --force -s dir -t rpm \ {{.beat_name}}-linux-{{.arch}}=/usr/share/{{.beat_name}}/bin/{{.beat_name}} \ {{.beat_name}}-linux.yml=/etc/{{.beat_name}}/{{.beat_name}}.yml \ {{.beat_name}}.template.json=/etc/{{.beat_name}}/{{.beat_name}}.template.json \ + {{.beat_name}}.template-es2x.json=/etc/{{.beat_name}}/{{.beat_name}}.template-es2x.json \ ${RUNID}.service=/lib/systemd/system/{{.beat_name}}.service \ god-linux-{{.arch}}=/usr/share/{{.beat_name}}/bin/{{.beat_name}}-god diff --git a/dev-tools/packer/platforms/darwin/run.sh.j2 b/dev-tools/packer/platforms/darwin/run.sh.j2 index 9f9690c11b5..80f3fcdffc2 100644 --- a/dev-tools/packer/platforms/darwin/run.sh.j2 +++ b/dev-tools/packer/platforms/darwin/run.sh.j2 @@ -15,6 +15,7 @@ cp -a homedirs/{{.beat_name}}/. /{{.beat_name}}-${VERSION}-darwin/ cp {{.beat_name}}-darwin-amd64 /{{.beat_name}}-${VERSION}-darwin/{{.beat_name}} cp {{.beat_name}}-darwin.yml /{{.beat_name}}-${VERSION}-darwin/{{.beat_name}}.yml cp {{.beat_name}}.template.json /{{.beat_name}}-${VERSION}-darwin/ +cp {{.beat_name}}.template-es2x.json /{{.beat_name}}-${VERSION}-darwin/ mkdir -p upload/{{.beat_name}} tar czvf upload/{{.beat_name}}/{{.beat_name}}-${VERSION}-darwin.tgz /{{.beat_name}}-${VERSION}-darwin diff --git a/dev-tools/packer/platforms/debian/run.sh.j2 b/dev-tools/packer/platforms/debian/run.sh.j2 index 80cb9015a71..27dc100c6f9 100644 --- a/dev-tools/packer/platforms/debian/run.sh.j2 +++ b/dev-tools/packer/platforms/debian/run.sh.j2 @@ -36,6 +36,7 @@ fpm --force -s dir -t deb \ {{.beat_name}}-linux-{{.arch}}=/usr/share/{{.beat_name}}/bin/{{.beat_name}} \ {{.beat_name}}-linux.yml=/etc/{{.beat_name}}/{{.beat_name}}.yml \ {{.beat_name}}.template.json=/etc/{{.beat_name}}/{{.beat_name}}.template.json \ + {{.beat_name}}.template-es2x.json=/etc/{{.beat_name}}/{{.beat_name}}.template-es2x.json \ ${RUNID}.service=/lib/systemd/system/{{.beat_name}}.service \ god-linux-{{.arch}}=/usr/share/{{.beat_name}}/bin/{{.beat_name}}-god 
diff --git a/dev-tools/packer/platforms/windows/run.sh.j2 b/dev-tools/packer/platforms/windows/run.sh.j2 index 82937fa0648..eabe62b9003 100644 --- a/dev-tools/packer/platforms/windows/run.sh.j2 +++ b/dev-tools/packer/platforms/windows/run.sh.j2 @@ -16,6 +16,7 @@ cp {{.beat_name}}-windows-{{.arch}}.exe /{{.beat_name}}-${VERSION}-windows/{{.be unix2dos {{.beat_name}}-win.yml cp {{.beat_name}}-win.yml /{{.beat_name}}-${VERSION}-windows/{{.beat_name}}.yml cp {{.beat_name}}.template.json /{{.beat_name}}-${VERSION}-windows/ +cp {{.beat_name}}.template-es2x.json /{{.beat_name}}-${VERSION}-windows/ cp install-service-{{.beat_name}}.ps1 /{{.beat_name}}-${VERSION}-windows/ cp uninstall-service-{{.beat_name}}.ps1 /{{.beat_name}}-${VERSION}-windows/ diff --git a/dev-tools/packer/xgo-scripts/before_build.sh b/dev-tools/packer/xgo-scripts/before_build.sh index e996385315b..4e7fab505ec 100755 --- a/dev-tools/packer/xgo-scripts/before_build.sh +++ b/dev-tools/packer/xgo-scripts/before_build.sh @@ -29,6 +29,7 @@ fi # Copy template cp $BEATNAME.template.json $PREFIX/$BEATNAME.template.json +cp $BEATNAME.template-es2x.json $PREFIX/$BEATNAME.template-es2x.json # linux cp $BEATNAME.yml $PREFIX/$BEATNAME-linux.yml diff --git a/filebeat/filebeat.template-es2x.json b/filebeat/filebeat.template-es2x.json new file mode 100644 index 00000000000..780dbd7d050 --- /dev/null +++ b/filebeat/filebeat.template-es2x.json 
@@ -0,0 +1,73 @@ +{ + "mappings": { + "_default_": { + "_all": { + "norms": { + "enabled": false + } + }, + "dynamic_templates": [ + { + "fields": { + "mapping": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "string", + "path_match": "fields.*" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "beat": { + "properties": { + "hostname": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "input_type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "message": { + "index": "analyzed", + "norms": { + "enabled": false + }, + "type": "string" + }, + "offset": { + "type": "long" + }, + "source": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + } + }, + "order": 0, + "settings": { + "index.refresh_interval": "5s" + }, + "template": "filebeat-*" +} \ No newline at end of file diff --git a/filebeat/filebeat.template.json b/filebeat/filebeat.template.json index f5a1657c956..80fb11e9ab6 100644 --- a/filebeat/filebeat.template.json +++ b/filebeat/filebeat.template.json @@ -9,7 +9,6 @@ "fields": { "mapping": { "ignore_above": 1024, - "index": true, "type": "keyword" }, "match_mapping_type": "string", diff --git a/libbeat/scripts/generate_template.py b/libbeat/scripts/generate_template.py index 28ea9f11759..c75d350a679 100644 --- a/libbeat/scripts/generate_template.py +++ b/libbeat/scripts/generate_template.py 
@@ -9,12 +9,12 @@ python generate_template.py filebeat/ filebeat """ -import sys import yaml import json +import argparse -def fields_to_es_template(input, output, index): +def fields_to_es_template(args, input, output, index): """ Reads the YAML file from input and generates the JSON for the ES template in output. input and output are both file @@ -63,11 +63,18 @@ def fields_to_es_template(input, output, index): } } + if args.es2x: + # different syntax for norms + template["mappings"]["_default_"]["_all"]["norms"] = { + "enabled": False + } + properties = {} dynamic_templates = [] for doc, section in docs.items(): if doc != "defaults": - prop, dynamic = fill_section_properties(section, defaults, "") + prop, dynamic = fill_section_properties(args, section, + defaults, "") properties.update(prop) dynamic_templates.extend(dynamic) @@ -120,7 +127,7 @@ def dedot(group): return group -def fill_section_properties(section, defaults, path): +def fill_section_properties(args, section, defaults, path): """ Traverse the sections tree and fill in the properties map. @@ -129,14 +136,14 @@ def fill_section_properties(section, defaults, path): dynamic_templates = [] for field in section["fields"]: - prop, dynamic = fill_field_properties(field, defaults, path) + prop, dynamic = fill_field_properties(args, field, defaults, path) properties.update(prop) dynamic_templates.extend(dynamic) return properties, dynamic_templates -def fill_field_properties(field, defaults, path): +def fill_field_properties(args, field, defaults, path): """ Add data about a particular field in the properties map. 
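Review bot: `fields_to_es_template(args, input, output, index)` puts the new parameter first, so any caller outside this diff that still passes `(input, output, index)` positionally will bind its arguments to the wrong names, and the docstring under the signature does not describe `args`. The helpers only read `args.es2x`, so a trailing keyword keeps the old call shape and avoids threading the whole argparse namespace through the module: `def fields_to_es_template(input, output, index, es2x=False):`. The same applies to `fill_section_properties` and `fill_field_properties` in the later hunks of this file. The comment `# different syntax for norms` would be clearer as `# ES 2.x expects norms as {"enabled": false}, not a bare boolean`. The function bodies continue outside these hunks.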
@@ -148,21 +155,39 @@ def fill_field_properties(field, defaults, path): if key not in field: field[key] = defaults[key] - # TODO: Make this more dyanmic if field["type"] == "text": - properties[field["name"]] = { - "type": field["type"], - "norms": False - } + if args.es2x: + properties[field["name"]] = { + "type": "string", + "index": "analyzed", + "norms": { + "enabled": False + } + } + else: + properties[field["name"]] = { + "type": field["type"], + "norms": False + } + + elif field["type"] == "keyword": + if args.es2x: + properties[field["name"]] = { + "type": "string", + "index": "not_analyzed", + "ignore_above": 1024 + } + else: + properties[field["name"]] = { + "type": "keyword", + "ignore_above": 1024 + } elif field["type"] in ["geo_point", "date", "long", "integer", - "double", "float", "keyword", "boolean"]: + "double", "float", "boolean"]: properties[field["name"]] = { "type": field.get("type") } - if field["type"] == "keyword": - properties[field["name"]]["ignore_above"] = \ - defaults.get("ignore_above", 1024) elif field["type"] in ["dict", "list"]: if field.get("dict-type") == "keyword": 
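Review bot: The new `keyword` branch hard-codes `"ignore_above": 1024` in both the 2.x and the default mapping, while the removed lines read it from `defaults.get("ignore_above", 1024)`, so an `ignore_above` set in the defaults of fields.yml is silently ignored after this change. Keep the lookup in both branches: `"ignore_above": defaults.get("ignore_above", 1024)`. The limit matters to anyone searching these indices for unusually long values, because strings longer than it are not indexed for that field; packetbeat's `query` and `path` mappings appear to be generated through this branch. fill_field_properties starts and ends outside this hunk.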
@@ -173,24 +198,36 @@ def fill_field_properties(field, defaults, path): else: name = field["name"] - dynamic_templates.append({ - name: { - "mapping": { - "index": True, - "type": "keyword", - "ignore_above": 1024 - }, - "match_mapping_type": "string", - "path_match": name + ".*" - } - }) + if args.es2x: + dynamic_templates.append({ + name: { + "mapping": { + "type": "string", + "index": "not_analyzed", + "ignore_above": 1024 + }, + "match_mapping_type": "string", + "path_match": name + ".*" + } + }) + else: + dynamic_templates.append({ + name: { + "mapping": { + "type": "keyword", + "ignore_above": 1024 + }, + "match_mapping_type": "string", + "path_match": name + ".*" + } + }) elif field.get("type") == "group": if len(path) > 0: path = path + "." + field["name"] else: path = field["name"] - prop, dynamic = fill_section_properties(field, defaults, path) + prop, dynamic = fill_section_properties(args, field, defaults, path) # Only add properties if they have a content if len(prop) is not 0: @@ -207,7 +244,10 @@ def fill_field_properties(field, defaults, path): # Only add properties if they have a content if len(prop) is not 0: - properties[field.get("name")] = {"type": "nested", "properties": {}} + properties[field.get("name")] = { + "type": "nested", + "properties": {} + } properties[field.get("name")]["properties"] = prop dynamic_templates.extend(dynamic) 
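Review bot: The two `dynamic_templates.append(...)` calls in the `dict-type == "keyword"` branch are identical except for the `mapping` dict, so `match_mapping_type` and `path_match` now have to be kept in sync in two places. Select the mapping by `args.es2x` first and append once, as sketched below. The enclosing function starts and ends outside this hunk, so the indentation shown is approximate.

```python
# ... unchanged: name is derived from path and field["name"] ...
if args.es2x:
    mapping = {
        "type": "string",
        "index": "not_analyzed",
        "ignore_above": 1024
    }
else:
    mapping = {
        "type": "keyword",
        "ignore_above": 1024
    }

dynamic_templates.append({
    name: {
        "mapping": mapping,
        "match_mapping_type": "string",
        "path_match": name + ".*"
    }
})
```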
@@ -219,18 +259,19 @@ def fill_field_properties(field, defaults, path): if __name__ == "__main__": - if len(sys.argv) != 3: - print "Usage: %s beatpath beatname" % sys.argv[0] - sys.exit(1) - - beat_path = sys.argv[1] - beat_name = sys.argv[2] - - input = open(beat_path + "/etc/fields.yml", 'r') - output = open(beat_path + "/" + beat_name + ".template.json", 'w') - - try: - fields_to_es_template(input, output, beat_name + "-*") - finally: - input.close() - output.close() + parser = argparse.ArgumentParser( + description="Generates the templates for a Beat.") + parser.add_argument("--es2x", action="store_true", + help="Generate template for Elasticsearch 2.x.") + parser.add_argument("path", help="Path to the beat folder") + parser.add_argument("beatname", help="The beat fname") + args = parser.parse_args() + + target = args.path + "/" + args.beatname + ".template" + if args.es2x: + target += "-es2x" + target += ".json" + + with open(args.path + "/etc/fields.yml", 'r') as input: + with open(target, 'w') as output: + fields_to_es_template(args, input, output, args.beatname + "-*") diff --git a/libbeat/scripts/update.sh b/libbeat/scripts/update.sh index 45f201e1168..dd3d6f1ec34 100644 --- a/libbeat/scripts/update.sh +++ b/libbeat/scripts/update.sh @@ -43,3 +43,4 @@ python ${LIBBEAT}/scripts/generate_fields_docs.py $(pwd) ${BEATNAME} # Update templates python ${LIBBEAT}/scripts/generate_template.py $(pwd) ${BEATNAME} +python ${LIBBEAT}/scripts/generate_template.py --es2x $(pwd) ${BEATNAME} diff --git a/metricbeat/metricbeat.template-es2x.json b/metricbeat/metricbeat.template-es2x.json new file mode 100644 index 00000000000..abb55555828 --- /dev/null +++ b/metricbeat/metricbeat.template-es2x.json 
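Review bot: The help text for the `beatname` argument has a typo, `help="The beat fname"`, which should read `help="The beat name"`. The usage example in the module docstring (context of the first hunk of this file) still shows only `python generate_template.py filebeat/ filebeat`; it should gain a second example line such as `python generate_template.py --es2x filebeat/ filebeat` so the new flag is discoverable without running `--help`. A short comment above the `target` assembly, for example `# <path>/<beatname>.template[-es2x].json`, would make the resulting file name obvious to whoever maintains the packaging scripts that copy it.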
@@ -0,0 +1,350 @@ +{ + "mappings": { + "_default_": { + "_all": { + "norms": { + "enabled": false + } + }, + "dynamic_templates": [ + { + "fields": { + "mapping": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "string", + "path_match": "fields.*" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "apache-status": { + "properties": { + "busyWorkers": { + "type": "integer" + }, + "bytesPerReq": { + "type": "float" + }, + "bytesPerSec": { + "type": "float" + }, + "connections": { + "properties": { + "connsAsyncClosing": { + "type": "integer" + }, + "connsAsyncKeepAlive": { + "type": "integer" + }, + "connsAsyncWriting": { + "type": "integer" + }, + "connsTotal": { + "type": "integer" + } + } + }, + "cpu": { + "properties": { + "cpuChildrenSystem": { + "type": "float" + }, + "cpuChildrenUser": { + "type": "float" + }, + "cpuLoad": { + "type": "float" + }, + "cpuSystem": { + "type": "float" + }, + "cpuUser": { + "type": "float" + } + } + }, + "hostname": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "idleWorkers": { + "type": "integer" + }, + "load": { + "properties": { + "load1": { + "type": "float" + }, + "load15": { + "type": "float" + }, + "load5": { + "type": "float" + } + } + }, + "reqPerSec": { + "type": "float" + }, + "scoreboard": { + "properties": { + "closingConnection": { + "type": "integer" + }, + "dnsLookup": { + "type": "integer" + }, + "gracefullyFinishing": { + "type": "integer" + }, + "idleCleanup": { + "type": "integer" + }, + "keepalive": { + "type": "integer" + }, + "logging": { + "type": "integer" + }, + "openSlot": { + "type": "integer" + }, + "readingRequest": { + "type": "integer" + }, + "sendingReply": { + "type": "integer" + }, + "startingUp": { + "type": "integer" + }, + "total": { + "type": "integer" + }, + "waitingForConnection": { + "type": "integer" + } + } + }, + "totalAccesses": { + "type": "integer" + }, + "totalKBytes": { + 
"type": "integer" + }, + "uptime": { + "properties": { + "serverUptimeSeconds": { + "type": "integer" + }, + "uptime": { + "type": "integer" + } + } + } + } + }, + "beat": { + "properties": { + "hostname": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "metricset": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "metricset-host": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "module": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "mysql-status": { + "properties": { + "aborted": { + "properties": { + "Aborted_clients": { + "type": "integer" + }, + "Aborted_connects": { + "type": "integer" + } + } + }, + "bytes": { + "properties": { + "Bytes_received": { + "type": "integer" + }, + "Bytes_sent": { + "type": "integer" + } + } + } + } + }, + "redis-info": { + "properties": { + "clients": { + "properties": { + "blocked_clients": { + "type": "integer" + }, + "client_biggest_input_buf": { + "type": "integer" + }, + "client_longest_output_list": { + "type": "integer" + }, + "connected_clients": { + "type": "integer" + } + } + }, + "cluster": { + "properties": { + "cluster_enabled": { + "type": "boolean" + } + } + }, + "cpu": { + "properties": { + "used_cpu_sys": { + "type": "float" + }, + "used_cpu_sys_children": { + "type": "float" + }, + "used_cpu_user": { + "type": "float" + }, + "used_cpu_user_children": { + "type": "float" + } + } + } + } + }, + "rtt": { + "type": "long" + }, + "system-cpu": { + "properties": { + "idle": { + "type": "integer" + }, + "iowait": { + "type": "integer" + }, + "irq": { + "type": "integer" + }, + "nice": { + "type": "integer" + }, + "softirq": { + "type": "integer" + }, + "steal": { + "type": "integer" + }, + "system": { + "type": "integer" + }, + "system_p": { + "type": "float" + }, + "user": { + "type": "integer" + }, + 
"user_p": { + "type": "float" + } + } + }, + "system-memory": { + "properties": { + "mem": { + "properties": { + "actual_free": { + "type": "integer" + }, + "actual_used": { + "type": "integer" + }, + "actual_used_p": { + "type": "float" + }, + "free": { + "type": "integer" + }, + "total": { + "type": "integer" + }, + "used": { + "type": "integer" + }, + "used_p": { + "type": "float" + } + } + }, + "swap": { + "properties": { + "free": { + "type": "integer" + }, + "total": { + "type": "integer" + }, + "used": { + "type": "integer" + }, + "used_p": { + "type": "float" + } + } + } + } + }, + "tags": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + } + }, + "order": 0, + "settings": { + "index.refresh_interval": "5s" + }, + "template": "metricbeat-*" +} \ No newline at end of file diff --git a/metricbeat/metricbeat.template.json b/metricbeat/metricbeat.template.json index ba35b11bfba..0a6f85ae2a8 100644 --- a/metricbeat/metricbeat.template.json +++ b/metricbeat/metricbeat.template.json @@ -9,7 +9,6 @@ "fields": { "mapping": { "ignore_above": 1024, - "index": true, "type": "keyword" }, "match_mapping_type": "string", diff --git a/packetbeat/packetbeat.template-es2x.json b/packetbeat/packetbeat.template-es2x.json new file mode 100644 index 00000000000..cf2a1029b71 --- /dev/null +++ b/packetbeat/packetbeat.template-es2x.json 
@@ -0,0 +1,1155 @@ +{ + "mappings": { + "_default_": { + "_all": { + "norms": { + "enabled": false + } + }, + "dynamic_templates": [ + { + "fields": { + "mapping": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "string", + "path_match": "fields.*" + } + }, + { + "amqp.headers": { + "mapping": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "string", + "path_match": "amqp.headers.*" + } + }, + { + "http.request_headers": { + "mapping": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "string", + "path_match": "http.request_headers.*" + } + }, + { + "http.response_headers": { + "mapping": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "string", + "path_match": "http.response_headers.*" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "amqp": { + "properties": { + "app-id": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "auto-delete": { + "type": "boolean" + }, + "class-id": { + "type": "integer" + }, + "consumer-count": { + "type": "integer" + }, + "consumer-tag": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "content-encoding": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "content-type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "correlation-id": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "delivery-mode": { + "type": "integer" + }, + "delivery-tag": { + "type": "integer" + }, + "durable": { + "type": "boolean" + }, + "exchange": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "exchange-type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "exclusive": { + "type": "boolean" + }, + "expiration": { + 
"ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "if-empty": { + "type": "boolean" + }, + "if-unused": { + "type": "boolean" + }, + "immediate": { + "type": "boolean" + }, + "mandatory": { + "type": "boolean" + }, + "message-count": { + "type": "integer" + }, + "message-id": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "method-id": { + "type": "integer" + }, + "multiple": { + "type": "boolean" + }, + "no-ack": { + "type": "boolean" + }, + "no-local": { + "type": "boolean" + }, + "no-wait": { + "type": "boolean" + }, + "passive": { + "type": "boolean" + }, + "priority": { + "type": "integer" + }, + "queue": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "redelivered": { + "type": "boolean" + }, + "reply-code": { + "type": "integer" + }, + "reply-text": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "reply-to": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "routing-key": { + "type": "integer" + }, + "timestamp": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "user-id": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "beat": { + "properties": { + "hostname": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "bytes_in": { + "type": "integer" + }, + "bytes_out": { + "type": "integer" + }, + "client_ip": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "client_location": { + "type": "geo_point" + }, + "client_port": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "client_proc": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "client_server": { + 
"ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "client_service": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "connection_id": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "connecttime": { + "type": "integer" + }, + "cpu_time": { + "type": "integer" + }, + "dest": { + "properties": { + "ip": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "ip_location": { + "type": "geo_point" + }, + "ipv6": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "ipv6_location": { + "type": "geo_point" + }, + "mac": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "outer_ip": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "outer_ip_location": { + "type": "geo_point" + }, + "outer_ipv6": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "outer_ipv6_location": { + "type": "geo_point" + }, + "port": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "stats": { + "properties": { + "net_bytes_total": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "net_packets_total": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + } + } + }, + "direction": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "dns": { + "properties": { + "additionals": { + "properties": { + "class": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "data": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "ttl": { + "type": "integer" + }, + "type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "additionals_count": { + "type": "integer" + }, + "answers": { + "properties": { + "class": 
{ + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "data": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "ttl": { + "type": "integer" + }, + "type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "answers_count": { + "type": "integer" + }, + "authorities": { + "properties": { + "class": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "authorities_count": { + "type": "integer" + }, + "flags": { + "properties": { + "authentic_data": { + "type": "boolean" + }, + "authoritative": { + "type": "boolean" + }, + "checking_disabled": { + "type": "boolean" + }, + "recursion_available": { + "type": "boolean" + }, + "recursion_desired": { + "type": "boolean" + }, + "truncated_response": { + "type": "boolean" + } + } + }, + "id": { + "type": "integer" + }, + "op_code": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "opt": { + "properties": { + "do": { + "type": "boolean" + }, + "ext_rcode": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "udp_size": { + "type": "integer" + }, + "version": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "question": { + "properties": { + "class": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "etld_plus_one": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "response_code": { + "ignore_above": 1024, + "index": 
"not_analyzed", + "type": "string" + } + } + }, + "dnstime": { + "type": "integer" + }, + "domloadtime": { + "type": "integer" + }, + "final": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "flow_id": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "http": { + "properties": { + "code": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "content_length": { + "type": "integer" + }, + "phrase": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "icmp": { + "properties": { + "request": { + "properties": { + "code": { + "type": "integer" + }, + "message": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "type": { + "type": "integer" + } + } + }, + "response": { + "properties": { + "code": { + "type": "integer" + }, + "message": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "type": { + "type": "integer" + } + } + }, + "version": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "icmp_id": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "ip": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "last_time": { + "type": "date" + }, + "loadtime": { + "type": "integer" + }, + "memcache": { + "properties": { + "protocol_type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "request": { + "properties": { + "automove": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "bytes": { + "type": "integer" + }, + "cas_unique": { + "type": "integer" + }, + "command": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "count_values": { + "type": "integer" + }, + "delta": { + "type": "integer" + }, + "dest_class": { + "type": "integer" + }, + "exptime": { + "type": "integer" + }, + "flags": { + "type": "integer" + }, + 
"initial": { + "type": "integer" + }, + "line": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "noreply": { + "type": "boolean" + }, + "opaque": { + "type": "integer" + }, + "opcode": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "opcode_value": { + "type": "integer" + }, + "quiet": { + "type": "boolean" + }, + "raw_args": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "sleep_us": { + "type": "integer" + }, + "source_class": { + "type": "integer" + }, + "type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "vbucket": { + "type": "integer" + }, + "verbosity": { + "type": "integer" + } + } + }, + "response": { + "properties": { + "bytes": { + "type": "integer" + }, + "cas_unique": { + "type": "integer" + }, + "command": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "count_values": { + "type": "integer" + }, + "error_msg": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "flags": { + "type": "integer" + }, + "opaque": { + "type": "integer" + }, + "opcode": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "opcode_value": { + "type": "integer" + }, + "status": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "status_code": { + "type": "integer" + }, + "type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "value": { + "type": "integer" + }, + "version": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + } + } + }, + "method": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "mongodb": { + "properties": { + "cursorId": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "error": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "fullCollectionName": { + "ignore_above": 1024, + 
"index": "not_analyzed", + "type": "string" + }, + "numberReturned": { + "type": "integer" + }, + "numberToReturn": { + "type": "integer" + }, + "numberToSkip": { + "type": "integer" + }, + "query": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "returnFieldsSelector": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "selector": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "startingFrom": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "update": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "mysql": { + "properties": { + "affected_rows": { + "type": "integer" + }, + "error_code": { + "type": "integer" + }, + "error_message": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "insert_id": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "iserror": { + "type": "boolean" + }, + "num_fields": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "num_rows": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "query": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "nfs": { + "properties": { + "minor_version": { + "type": "integer" + }, + "opcode": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "status": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "tag": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "version": { + "type": "integer" + } + } + }, + "notes": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "outer_vlan": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "params": { + "index": "analyzed", + "norms": { + "enabled": false + }, + "type": "string" + }, + "path": { + "ignore_above": 1024, + 
"index": "not_analyzed", + "type": "string" + }, + "pgsql": { + "properties": { + "error_code": { + "type": "integer" + }, + "error_message": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "error_severity": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "iserror": { + "type": "boolean" + }, + "num_fields": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "num_rows": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "query": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "port": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "proc": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "query": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "real_ip": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "redis": { + "properties": { + "error": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "return_value": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "release": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "request": { + "index": "analyzed", + "norms": { + "enabled": false + }, + "type": "string" + }, + "resource": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "response": { + "index": "analyzed", + "norms": { + "enabled": false + }, + "type": "string" + }, + "responsetime": { + "type": "integer" + }, + "rpc": { + "properties": { + "auth_flavor": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "call_size": { + "type": "integer" + }, + "cred": { + "properties": { + "gid": { + "type": "integer" + }, + "gids": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "machinename": { + "ignore_above": 1024, + 
"index": "not_analyzed", + "type": "string" + }, + "stamp": { + "type": "integer" + }, + "uid": { + "type": "integer" + } + } + }, + "reply_size": { + "type": "integer" + }, + "status": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "time": { + "type": "integer" + }, + "time_str": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "xid": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "server": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "service": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "source": { + "properties": { + "ip": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "ip_location": { + "type": "geo_point" + }, + "ipv6": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "ipv6_location": { + "type": "geo_point" + }, + "mac": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "outer_ip": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "outer_ip_location": { + "type": "geo_point" + }, + "outer_ipv6": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "outer_ipv6_location": { + "type": "geo_point" + }, + "port": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "stats": { + "properties": { + "net_bytes_total": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "net_packets_total": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + } + } + }, + "start_time": { + "type": "date" + }, + "status": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "tags": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "thrift": { + "properties": { + "exceptions": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": 
"string" + }, + "params": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "return_value": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "service": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "transport": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "vlan": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + } + }, + "order": 0, + "settings": { + "index.refresh_interval": "5s" + }, + "template": "packetbeat-*" +} \ No newline at end of file diff --git a/packetbeat/packetbeat.template.json b/packetbeat/packetbeat.template.json index fdfc8b7766b..19f75607dca 100644 --- a/packetbeat/packetbeat.template.json +++ b/packetbeat/packetbeat.template.json @@ -9,7 +9,6 @@ "fields": { "mapping": { "ignore_above": 1024, - "index": true, "type": "keyword" }, "match_mapping_type": "string", @@ -20,7 +19,6 @@ "amqp.headers": { "mapping": { "ignore_above": 1024, - "index": true, "type": "keyword" }, "match_mapping_type": "string", @@ -31,7 +29,6 @@ "http.request_headers": { "mapping": { "ignore_above": 1024, - "index": true, "type": "keyword" }, "match_mapping_type": "string", @@ -42,7 +39,6 @@ "http.response_headers": { "mapping": { "ignore_above": 1024, - "index": true, "type": "keyword" }, "match_mapping_type": "string", diff --git a/testing/environments/docker/logstash/Dockerfile-2.3.2 b/testing/environments/docker/logstash/Dockerfile-2.3.2 index d58684c43b8..db921acef91 100644 --- a/testing/environments/docker/logstash/Dockerfile-2.3.2 +++ b/testing/environments/docker/logstash/Dockerfile-2.3.2 
@@ -2,7 +2,7 @@ FROM java:8-jre ENV LS_VERSION 2 -ENV DEB_URL https://download.elastic.co/logstash/logstash/packages/debian/logstash-2.3.2_all.deb?c=20160425 +ENV DEB_URL https://download.elastic.co/logstash/logstash/packages/debian/logstash_2.3.2-1_all.deb?c=20160427 ENV PATH $PATH:/opt/logstash/bin:/opt/logstash/vendor/jruby/bin diff --git a/topbeat/topbeat.template-es2x.json b/topbeat/topbeat.template-es2x.json new file mode 100644 index 00000000000..aca5bf9cbdf --- /dev/null +++ b/topbeat/topbeat.template-es2x.json 
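Review bot: The new `DEB_URL` still identifies the package only by a URL with a `?c=20160427` cache-busting suffix, and nothing in this hunk pins the content that is fetched. The file name changed from `logstash-2.3.2_all.deb` to `logstash_2.3.2-1_all.deb`, which suggests the artifact was republished under the same version, so the image is not reproducible from the URL alone. Recording a digest next to it, for example `ENV DEB_SHA256 <sha256-of-the-package>`, and checking it with `sha256sum -c` before the install would make a swapped or corrupted download fail the build. The download and install steps are outside the hunk, so confirm whether such a check already exists there.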
@@ -0,0 +1,280 @@
+{
+ "mappings": {
+ "_default_": {
+ "_all": {
+ "norms": {
+ "enabled": false
+ }
+ },
+ "dynamic_templates": [
+ {
+ "fields": {
+ "mapping": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "match_mapping_type": "string",
+ "path_match": "fields.*"
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "beat": {
+ "properties": {
+ "hostname": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "idle": {
+ "type": "integer"
+ },
+ "iowait": {
+ "type": "integer"
+ },
+ "irq": {
+ "type": "integer"
+ },
+ "nice": {
+ "type": "integer"
+ },
+ "softirq": {
+ "type": "integer"
+ },
+ "steal": {
+ "type": "integer"
+ },
+ "system": {
+ "type": "integer"
+ },
+ "system_p": {
+ "type": "float"
+ },
+ "user": {
+ "type": "integer"
+ },
+ "user_p": {
+ "type": "float"
+ }
+ }
+ },
+ "cpus": {
+ "properties": {
+ "cpuX": {
+ "properties": {
+ "idle": {
+ "type": "integer"
+ },
+ "iowait": {
+ "type": "integer"
+ },
+ "nice": {
+ "type": "integer"
+ },
+ "softirq": {
+ "type": "integer"
+ },
+ "steal": {
+ "type": "integer"
+ },
+ "system": {
+ "type": "integer"
+ },
+ "system_p": {
+ "type": "float"
+ },
+ "user": {
+ "type": "integer"
+ },
+ "user_p": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ },
+ "fs": {
+ "properties": {
+ "avail": {
+ "type": "integer"
+ },
+ "device_name": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "files": {
+ "type": "integer"
+ },
+ "free_files": {
+ "type": "integer"
+ },
+ "mount_point": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "total": {
+ "type": "integer"
+ },
+ "used": {
+ "type": "integer"
+ },
+ "used_p": {
+ "type": "float"
+ }
+ }
+ },
+ "load": {
+ "properties": {
+ "load1": {
+ "type": "float"
+ },
+ "load15": {
+ "type": "float"
+ },
+ "load5": {
+ "type": "float"
+ }
+ }
+ },
+ "mem": {
+ "properties": {
+ "actual_free": {
+ "type": "integer"
+ },
+ "actual_used": {
+ "type": "integer"
+ },
+ "actual_used_p": {
+ "type": "float"
+ },
+ "free": {
+ "type": "integer"
+ },
+ "total": {
+ "type": "integer"
+ },
+ "used": {
+ "type": "integer"
+ },
+ "used_p": {
+ "type": "float"
+ }
+ }
+ },
+ "proc": {
+ "properties": {
+ "cmdline": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "cpu": {
+ "properties": {
+ "start_time": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "system": {
+ "type": "integer"
+ },
+ "total": {
+ "type": "integer"
+ },
+ "total_p": {
+ "type": "float"
+ },
+ "user": {
+ "type": "integer"
+ }
+ }
+ },
+ "mem": {
+ "properties": {
+ "rss": {
+ "type": "integer"
+ },
+ "rss_p": {
+ "type": "float"
+ },
+ "share": {
+ "type": "integer"
+ },
+ "size": {
+ "type": "integer"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "pid": {
+ "type": "integer"
+ },
+ "ppid": {
+ "type": "integer"
+ },
+ "state": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "username": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ }
+ }
+ },
+ "swap": {
+ "properties": {
+ "free": {
+ "type": "integer"
+ },
+ "total": {
+ "type": "integer"
+ },
+ "used": {
+ "type": "integer"
+ },
+ "used_p": {
+ "type": "float"
+ }
+ }
+ },
+ "tags": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ }
+ }
+ }
+ },
+ "order": 0,
+ "settings": {
+ "index.refresh_interval": "5s"
+ },
+ "template": "topbeat-*"
+}
\ No newline at end of file
diff --git a/topbeat/topbeat.template.json b/topbeat/topbeat.template.json
index 8b7f8fd3fc9..aa92719330c 100644
--- a/topbeat/topbeat.template.json
+++ b/topbeat/topbeat.template.json
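Review bot: `proc.cmdline` is mapped as a `not_analyzed` string with `ignore_above: 1024`, so a command line longer than 1024 characters is kept in `_source` but not indexed, and it silently drops out of term and wildcard searches on that field. Unusually long command lines are often the ones a monitoring query most needs to find, so consider mapping it like the analyzed text fields elsewhere in this commit, `"cmdline": { "index": "analyzed", "norms": { "enabled": false }, "type": "string" }`, or at least documenting the cut-off. The same limit applies in the new winlogbeat template to the `event_data.*` and `user_data.*` dynamic templates and to `xml`. If these templates are generated, the change presumably belongs in the field definitions they are generated from.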
@@ -9,7 +9,6 @@
 "fields": {
 "mapping": {
 "ignore_above": 1024,
- "index": true,
 "type": "keyword"
 },
 "match_mapping_type": "string",
diff --git a/winlogbeat/winlogbeat.template-es2x.json b/winlogbeat/winlogbeat.template-es2x.json
new file mode 100644
index 00000000000..b7374a43093
--- /dev/null
+++ b/winlogbeat/winlogbeat.template-es2x.json
@@ -0,0 +1,188 @@
+{
+ "mappings": {
+ "_default_": {
+ "_all": {
+ "norms": {
+ "enabled": false
+ }
+ },
+ "dynamic_templates": [
+ {
+ "fields": {
+ "mapping": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "match_mapping_type": "string",
+ "path_match": "fields.*"
+ }
+ },
+ {
+ "event_data": {
+ "mapping": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "match_mapping_type": "string",
+ "path_match": "event_data.*"
+ }
+ },
+ {
+ "user_data": {
+ "mapping": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "match_mapping_type": "string",
+ "path_match": "user_data.*"
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "activity_id": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "beat": {
+ "properties": {
+ "hostname": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ }
+ }
+ },
+ "computer_name": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "event_id": {
+ "type": "long"
+ },
+ "keywords": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "level": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "log_name": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "message": {
+ "index": "analyzed",
+ "norms": {
+ "enabled": false
+ },
+ "type": "string"
+ },
+ "message_error": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "opcode": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "process_id": {
+ "type": "long"
+ },
+ "provider_guid": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "record_number": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "related_activity_id": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "source_name": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "tags": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "task": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "thread_id": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "identifier": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ }
+ }
+ },
+ "version": {
+ "type": "integer"
+ },
+ "xml": {
+ "ignore_above": 1024,
+ "index": "not_analyzed",
+ "type": "string"
+ }
+ }
+ }
+ },
+ "order": 0,
+ "settings": {
+ "index.refresh_interval": "5s"
+ },
+ "template": "winlogbeat-*"
+}
\ No newline at end of file
diff --git a/winlogbeat/winlogbeat.template.json b/winlogbeat/winlogbeat.template.json
index c8e655d3045..8800533f692 100644
--- a/winlogbeat/winlogbeat.template.json
+++ b/winlogbeat/winlogbeat.template.json
@@ -9,7 +9,6 @@
 "fields": {
 "mapping": {
 "ignore_above": 1024,
- "index": true,
 "type": "keyword"
 },
 "match_mapping_type": "string",
@@ -20,7 +19,6 @@
 "event_data": {
 "mapping": {
 "ignore_above": 1024,
- "index": true,
 "type": "keyword"
 },
 "match_mapping_type": "string",
@@ -31,7 +29,6 @@
 "user_data": {
 "mapping": {
 "ignore_above": 1024,
- "index": true,
 "type": "keyword"
 },
 "match_mapping_type": "string",
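Review bot: `record_number` in the new winlogbeat 2.x template is mapped as a `not_analyzed` string, while the neighbouring `event_id`, `process_id` and `thread_id` are `long`, so sorting and range queries on it compare text rather than numbers. Ordering events by record number, or looking for gaps in the sequence as a check for missing or cleared logs, then gives wrong results as soon as values differ in digit count. If the beat sends a numeric value (or a numeric string that Elasticsearch can coerce), `"record_number": { "type": "long" }` would be the consistent mapping. If the string form is deliberate, that is worth stating in the field's documentation.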