Merge pull request #7153 from Security-Onion-Solutions/fix/dtc_event_mappings

Add 'event.created' and 'event.ingested' keyword mapping
2025-12-06 09:12:45 +01:00 · 2022-02-08 16:36:49 -05:00
parent c216457a3e 9b841fd872
commit 380fa7d0c8
1 changed files with 12 additions and 2 deletions
--- a/salt/elasticsearch/templates/component/so/dtc-event-mappings
+++ b/salt/elasticsearch/templates/component/so/dtc-event-mappings
@@ -30,7 +30,12 @@
              "type": "keyword"
            },
            "created": {
-              "type": "date"
+              "type": "date",
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              }
            },
            "dataset": {
              "ignore_above": 1024,
@@ -56,7 +61,12 @@
              "type": "keyword"
            },
            "ingested": {
-              "type": "date"
+              "type": "date",
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              }
            },
            "kind": {
              "ignore_above": 1024,