From 59852841ffe9628b3833002de7d2b67dda8bd8b0 Mon Sep 17 00:00:00 2001
From: weslambert <wlambertts@gmail.com>
Date: Fri, 15 Oct 2021 13:29:50 -0400
Subject: [PATCH] Add keyword subfield for event.module

---
 .../templates/so/so-endgame-template.json.jinja            | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/salt/elasticsearch/templates/so/so-endgame-template.json.jinja b/salt/elasticsearch/templates/so/so-endgame-template.json.jinja
index 824558e8f..e39a2fcf9 100644
--- a/salt/elasticsearch/templates/so/so-endgame-template.json.jinja
+++ b/salt/elasticsearch/templates/so/so-endgame-template.json.jinja
@@ -719,7 +719,12 @@
           },
           "module": {
             "ignore_above": 1024,
-            "type": "keyword"
+            "type": "keyword",
+            "fields": {
+              "keyword": {
+                "type": "keyword"
+              }
+            }
           },
           "original": {
             "doc_values": false,