diff --git a/salt/elasticsearch/templates/so/so-endgame-template.json.jinja b/salt/elasticsearch/templates/so/so-endgame-template.json.jinja index 824558e8f..6d2b89b27 100644 --- a/salt/elasticsearch/templates/so/so-endgame-template.json.jinja +++ b/salt/elasticsearch/templates/so/so-endgame-template.json.jinja @@ -26,23 +26,48 @@ "properties": { "ephemeral_id": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "id": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "name": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "type": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "version": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } } } }, @@ -597,7 +622,12 @@ "properties": { "version": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } } } }, @@ -683,18 +713,33 @@ }, "category": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "code": { "ignore_above": 1024, "type": "keyword" }, "created": { - "type": "date" + "type": "date", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "dataset": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "duration": { "type": "long" @@ -711,7 +756,12 @@ "type": "keyword" }, "ingested": { - "type": "date" + "type": "date", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "kind": { "ignore_above": 1024, @@ -719,7 +769,12 @@ }, "module": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "original": { "doc_values": false, @@ -729,7 +784,12 @@ }, "outcome": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "provider": { "ignore_above": 1024, @@ -756,11 +816,21 @@ }, "timezone": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "type": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "url": { "ignore_above": 1024, @@ -1006,7 +1076,12 @@ }, "name": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "os": { "properties": { @@ -1139,11 +1214,21 @@ }, "method": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "referrer": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } } } }, @@ -1187,7 +1272,12 @@ "properties": { "level": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "logger": { "ignore_above": 1024, @@ -2149,7 +2239,12 @@ }, "name": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "node": { "properties": { @@ -2165,7 +2260,12 @@ }, "type": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "version": { "ignore_above": 1024, @@ -2177,7 +2277,12 @@ "properties": { "address": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "as": { "properties": { @@ -2333,7 +2438,12 @@ }, "tags": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } }, "threat": { "properties": { @@ -2684,6 +2794,9 @@ }, "original": { "fields": { + "keyword": { + "type": "keyword" + }, "text": { "norms": false, "type": "text"