forked from nxhack/logstash
elasticsearch-template-es5x.json
{
"template" : "logstash-*",
"version" : 50001,
"settings" : {
"number_of_replicas" : 0,
"number_of_shards" : 1,
"index.refresh_interval" : "5s"
},
"mappings" : {
"_default_" : {
"_all" : {"enabled" : true, "norms" : false},
"dynamic_templates" : [ {
"message_field" : {
"path_match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text",
"norms" : false
}
}
}, {
"string_fields" : {
"match" : "*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text", "norms" : false,
"fields" : {
"keyword" : { "type": "keyword" }
}
}
}
} ],
"properties" : {
"@timestamp": { "type": "date", "include_in_all": false },
"@version": { "type": "keyword", "include_in_all": false },
"apache_agent": { "type": "text", "norms" : false },
"apache_request": { "type": "text", "norms" : false },
"apache_referrer": { "type": "text", "norms" : false },
"apache_error_message": { "type": "text", "norms" : false },
"syslog_message": { "type": "text", "norms" : false },
"dpkg_message": { "type": "text", "norms" : false },
"amavis_source_ip": { "type": "ip" },
"amavis_relay_ip": { "type": "ip" },
"amavis_origin_ip": { "type": "ip" },
"clamd_source_ip": { "type": "ip" },
"clamd_relay_ip": { "type": "ip" },
"clamd_origin_ip": { "type": "ip" },
"postfix_relay_ip": { "type": "ip" },
"postfix_server_ip": { "type": "ip" },
"postfix_client_ip": { "type": "ip" },
"postfix_dnsbl_result": { "type": "ip" },
"sshd_listen_ip": { "type": "ip" },
"sshd_client_ip": { "type": "ip" },
"zimbra_account_ip": { "type": "ip" },
"zimbra_account_oip": { "type": "ip" },
"fail2ban_source_ip": { "type": "ip" },
"offset": { "type": "long" },
"geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
},
"postfix_geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
},
"sshd_geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
},
"apache_geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
},
"apache_error_geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
},
"zimbra_geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
},
"zimbra_origin_geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
},
"amavis_geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
},
"fail2ban_geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
}
}
}
}
}