From 496b1612536407bcb9849ff16ba2a1f2dd0eabe5 Mon Sep 17 00:00:00 2001
From: Wes Lambert <wlambertts@gmail.com>
Date: Wed, 2 Mar 2022 14:27:36 +0000
Subject: [PATCH] Update ECS mappings to include .security

---
 .../templates/component/so/dtc-ecs-mappings.json           | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json b/salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json
index 347b9b5a8..de012d3fd 100644
--- a/salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json
@@ -12,10 +12,11 @@
               "ignore_above": 1024,
               "type": "keyword",
               "fields": {
-                "text": {
-                  "type": "match_only_text"
+                "security": {
+                  "type": "text",
+                  "analyzer": "es_security_analyzer"
                 },
-                "keyword": {
+		"keyword": {
                   "type": "keyword"
                 }
               }