Merge pull request #12519 from Security-Onion-Solutions/fix/error_message_system_syslog

Add error.message mapping for system.syslog
2025-12-16 22:12:48 +01:00 · 2024-03-07 10:47:33 -05:00
parent b5f1733e97 005930f7fd
commit 1633527695
1 changed files with 22 additions and 0 deletions
--- a/salt/elasticsearch/templates/component/elastic-agent/logs-system.syslog@custom.json
+++ b/salt/elasticsearch/templates/component/elastic-agent/logs-system.syslog@custom.json
@@ -0,0 +1,22 @@
+{
+  "template": {
+    "mappings": {
+      "properties": {
+        "error": {
+          "properties": {
+            "message": {
+              "type": "match_only_text"
+            }
+	  }
+	}
+      }
+    }
+  },
+  "_meta": {
+    "package": {
+      "name": "system"
+    },
+    "managed_by": "fleet",
+    "managed": true
+  }
+}