From 3ee46e4c297627724f34f8cce42dc532435ca4a2 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Wed, 2 Mar 2022 21:50:03 +0000
Subject: [PATCH] Add .keyword for destination/source geo.country_name
---
.../so/dtc-destination-mappings.json | 74 +++++++++++++++++++
.../component/so/dtc-source-mappings.json | 74 +++++++++++++++++++
2 files changed, 148 insertions(+)
create mode 100644 salt/elasticsearch/templates/component/so/dtc-destination-mappings.json
create mode 100644 salt/elasticsearch/templates/component/so/dtc-source-mappings.json
diff --git a/salt/elasticsearch/templates/component/so/dtc-destination-mappings.json b/salt/elasticsearch/templates/component/so/dtc-destination-mappings.json
new file mode 100644
index 000000000..5691cfb7e
--- /dev/null
+++ b/salt/elasticsearch/templates/component/so/dtc-destination-mappings.json
@@ -0,0 +1,74 @@
+{
+ "_meta": {
+ "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-destination.html",
+ "ecs_version": "1.12.2"
+ },
+ "template": {
+ "settings": {
+ "analysis": {
+ "analyzer": {
+ "es_security_analyzer": {
+ "type": "custom",
+ "char_filter": [
+ "whitespace_no_way"
+ ],
+ "filter": [
+ "lowercase",
+ "trim"
+ ],
+ "tokenizer": "keyword"
+ }
+ },
+ "char_filter": {
+ "whitespace_no_way": {
+ "type": "pattern_replace",
+ "pattern": "(\\s)+",
+ "replacement": "$1"
+ }
+ },
+ "filter": {
+ "path_hierarchy_pattern_filter": {
+ "type": "pattern_capture",
+ "preserve_original": true,
+ "patterns": [
+ "((?:[^\\\\]*\\\\)*)(.*)",
+ "((?:[^/]*/)*)(.*)"
+ ]
+ }
+ },
+ "tokenizer": {
+ "path_tokenizer": {
+ "type": "path_hierarchy",
+ "delimiter": "\\"
+ }
+ }
+ }
+ },
+ "mappings": {
+ "properties": {
+ "destination": {
+ "properties": {
+ "geo": {
+ "properties": {
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword",
+ "fields": {
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
+ },
+ "keyword": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
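Review bot: The new `keyword` sub-field under `destination.geo.country_name` is declared without `ignore_above`, while its parent keyword field caps values at 1024; multi-fields do not inherit the parent's mapping parameters, so the two fields can end up indexing different sets of values and a query on `country_name` may disagree with one on `country_name.keyword`. Without the cap, a value longer than Lucene's 32766-byte term limit is rejected at index time and the event is lost instead of the field simply being skipped; country names presumably come from GeoIP enrichment, so this is unlikely in practice, but the guard costs nothing. I would declare the sub-field as `"keyword": { "type": "keyword", "ignore_above": 1024 }`. The same applies to `source.geo.country_name.keyword` in dtc-source-mappings.json.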
diff --git a/salt/elasticsearch/templates/component/so/dtc-source-mappings.json b/salt/elasticsearch/templates/component/so/dtc-source-mappings.json
new file mode 100644
index 000000000..7f372aec4
--- /dev/null
+++ b/salt/elasticsearch/templates/component/so/dtc-source-mappings.json
@@ -0,0 +1,74 @@
+{
+ "_meta": {
+ "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-source.html",
+ "ecs_version": "1.12.2"
+ },
+ "template": {
+ "settings": {
+ "analysis": {
+ "analyzer": {
+ "es_security_analyzer": {
+ "type": "custom",
+ "char_filter": [
+ "whitespace_no_way"
+ ],
+ "filter": [
+ "lowercase",
+ "trim"
+ ],
+ "tokenizer": "keyword"
+ }
+ },
+ "char_filter": {
+ "whitespace_no_way": {
+ "type": "pattern_replace",
+ "pattern": "(\\s)+",
+ "replacement": "$1"
+ }
+ },
+ "filter": {
+ "path_hierarchy_pattern_filter": {
+ "type": "pattern_capture",
+ "preserve_original": true,
+ "patterns": [
+ "((?:[^\\\\]*\\\\)*)(.*)",
+ "((?:[^/]*/)*)(.*)"
+ ]
+ }
+ },
+ "tokenizer": {
+ "path_tokenizer": {
+ "type": "path_hierarchy",
+ "delimiter": "\\"
+ }
+ }
+ }
+ },
+ "mappings": {
+ "properties": {
+ "source": {
+ "properties": {
+ "geo": {
+ "properties": {
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword",
+ "fields": {
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
+ },
+ "keyword": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
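Review bot: The `settings.analysis` block in this file is a verbatim copy of the one in dtc-destination-mappings.json, and the mapping only references `es_security_analyzer` (which uses `whitespace_no_way`); `path_hierarchy_pattern_filter` and `path_tokenizer` are defined but never used in either file. When several component templates define the same analyzer name, the definition from the template listed later in the index template's `composed_of` replaces the earlier one, so a later edit to one copy could change how the `.security` field is normalised for both source and destination without any error. The composing index template is not visible in this patch, so whether other templates already carry this block is an assumption to confirm. I would drop the unused filter and tokenizer from both files, or keep the analysis settings in one shared component template that these two only depend on.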