From 2a9caccc7cabe6616c58c11c24a80bfbffb535ec Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Tue, 1 Mar 2022 18:43:24 +0000
Subject: [PATCH] Revert "Add additional .text subfield mappings"

This reverts commit 61dadc62497779b7aea72818e06951c7b8cbca8e.
---
 .../templates/component/ecs/aws.json | 19 +-
 .../templates/component/ecs/base.json | 7 +-
 .../templates/component/ecs/cyberark.json | 7 +-
 .../templates/component/ecs/logstash.json | 12 +-
 .../templates/component/ecs/misp.json | 210 +++---------------
 .../templates/component/ecs/o365.json | 7 +-
 .../templates/component/ecs/zeek.json | 14 +-
 7 files changed, 52 insertions(+), 224 deletions(-)
diff --git a/salt/elasticsearch/templates/component/ecs/aws.json b/salt/elasticsearch/templates/component/ecs/aws.json
index 689b74ac2..10c7dd45b 100644
--- a/salt/elasticsearch/templates/component/ecs/aws.json
+++ b/salt/elasticsearch/templates/component/ecs/aws.json
@@ -13,7 +13,8 @@
 "additional_eventdata": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "norms": false,
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -227,7 +228,8 @@
 "request_parameters": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "norms": false,
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -267,7 +269,8 @@
 "response_elements": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "norms": false,
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -276,7 +279,8 @@
 "service_event_details": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "norms": false,
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -402,12 +406,7 @@
 "properties": {
 "message": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 }
 }
 },
diff --git a/salt/elasticsearch/templates/component/ecs/base.json b/salt/elasticsearch/templates/component/ecs/base.json
index 7bba4285c..77594f68d 100644
--- a/salt/elasticsearch/templates/component/ecs/base.json
+++ b/salt/elasticsearch/templates/component/ecs/base.json
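Review bot: The `@@ -402,12 +406,7 @@` hunk of aws.json removes the `message.text` multi-field, so that query path stops existing on new indices. The same removal recurs in base.json (`message`), cyberark.json (`reason`), every misp.json hunk, o365.json (`Comments`) and zeek.json (`email_body_sections`, `peer_descr`). Elasticsearch answers a query on an unmapped field with zero hits rather than an error, so any saved search, dashboard or alert rule written against `<field>.text` while the reverted commit was deployed would go quiet on indices created from these templates; whether such references exist cannot be seen from the patch. Templates are applied only at index creation, so older indices keep the subfield until rollover and results will differ by index age in the meantime. I would search saved objects and detection content for these `.text` paths before merging, and record the motivation in the commit message, e.g. `Reason: <why the .text subfields are dropped>`, since it currently gives only the reverted hash; the enclosing mapping objects continue outside each hunk.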
@@ -13,12 +13,7 @@
 "type": "object"
 },
 "message": {
- "type": "match_only_text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "match_only_text"
 },
 "tags": {
 "ignore_above": 1024,
diff --git a/salt/elasticsearch/templates/component/ecs/cyberark.json b/salt/elasticsearch/templates/component/ecs/cyberark.json
index b0277fa0b..4ed88aa6f 100644
--- a/salt/elasticsearch/templates/component/ecs/cyberark.json
+++ b/salt/elasticsearch/templates/component/ecs/cyberark.json
@@ -534,12 +534,7 @@
 },
 "reason": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "rfc5424": {
 "type": "boolean"
diff --git a/salt/elasticsearch/templates/component/ecs/logstash.json b/salt/elasticsearch/templates/component/ecs/logstash.json
index 0db82492e..2120a0902 100644
--- a/salt/elasticsearch/templates/component/ecs/logstash.json
+++ b/salt/elasticsearch/templates/component/ecs/logstash.json
@@ -45,7 +45,8 @@
 "thread": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "norms": false,
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -58,7 +59,8 @@
 "event": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "norms": false,
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -85,7 +87,8 @@
 "plugin_params": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "norms": false,
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -106,7 +109,8 @@
 "thread": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "norms": false,
+ "type": "text"
 }
 },
 "ignore_above": 1024,
diff --git a/salt/elasticsearch/templates/component/ecs/misp.json b/salt/elasticsearch/templates/component/ecs/misp.json
index 1d186db3a..d0c7aa519 100644
--- a/salt/elasticsearch/templates/component/ecs/misp.json
+++ b/salt/elasticsearch/templates/component/ecs/misp.json
@@ -12,12 +12,7 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
@@ -52,21 +47,11 @@
 "properties": {
 "aliases": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "first_seen": {
 "type": "date"
@@ -107,12 +92,7 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
@@ -138,21 +118,11 @@
 "properties": {
 "contact_information": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
@@ -205,33 +175,18 @@
 "properties": {
 "aliases": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "first_seen": {
 "type": "date"
 },
 "goals": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
@@ -256,30 +211,15 @@
 },
 "primary_motivation": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "resource_level": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "secondary_motivations": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 }
 }
 },
@@ -287,12 +227,7 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
@@ -345,12 +280,7 @@
 },
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
@@ -416,12 +346,7 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
@@ -452,12 +377,7 @@
 },
 "object_refs": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "published": {
 "type": "date"
@@ -468,30 +388,15 @@
 "properties": {
 "aliases": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "goals": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
@@ -522,57 +427,27 @@
 },
 "personal_motivations": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "primary_motivation": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "resource_level": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "roles": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "secondary_motivations": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "sophistication": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 }
 }
 },
@@ -616,21 +491,11 @@
 },
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "feed": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
@@ -737,12 +602,7 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
@@ -755,12 +615,7 @@
 },
 "kill_chain_phases": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "labels": {
 "ignore_above": 1024,
@@ -795,12 +650,7 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
diff --git a/salt/elasticsearch/templates/component/ecs/o365.json b/salt/elasticsearch/templates/component/ecs/o365.json
index 6c093534d..a7df16b97 100644
--- a/salt/elasticsearch/templates/component/ecs/o365.json
+++ b/salt/elasticsearch/templates/component/ecs/o365.json
@@ -165,12 +165,7 @@
 },
 "Comments": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "CommunicationType": {
 "ignore_above": 1024,
diff --git a/salt/elasticsearch/templates/component/ecs/zeek.json b/salt/elasticsearch/templates/component/ecs/zeek.json
index c79a9efdf..d9dd7aa32 100644
--- a/salt/elasticsearch/templates/component/ecs/zeek.json
+++ b/salt/elasticsearch/templates/component/ecs/zeek.json
@@ -1333,12 +1333,7 @@
 },
 "email_body_sections": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "email_delay_tokens": {
 "ignore_above": 1024,
@@ -1458,12 +1453,7 @@
 },
 "peer_descr": {
 "norms": false,
- "type": "text",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "text"
 },
 "peer_name": {
 "ignore_above": 1024,