diff --git a/salt/elasticsearch/templates/component/ecs/aws.json b/salt/elasticsearch/templates/component/ecs/aws.json
index 10c7dd45b..689b74ac2 100644
--- a/salt/elasticsearch/templates/component/ecs/aws.json
+++ b/salt/elasticsearch/templates/component/ecs/aws.json
@@ -13,8 +13,7 @@
 "additional_eventdata": {
 "fields": {
 "text": {
- "norms": false,
- "type": "text"
+ "type": "match_only_text"
 }
 },
 "ignore_above": 1024,
@@ -228,8 +227,7 @@
 "request_parameters": {
 "fields": {
 "text": {
- "norms": false,
- "type": "text"
+ "type": "match_only_text"
 }
 },
 "ignore_above": 1024,
@@ -269,8 +267,7 @@
 "response_elements": {
 "fields": {
 "text": {
- "norms": false,
- "type": "text"
+ "type": "match_only_text"
 }
 },
 "ignore_above": 1024,
@@ -279,8 +276,7 @@
 "service_event_details": {
 "fields": {
 "text": {
- "norms": false,
- "type": "text"
+ "type": "match_only_text"
 }
 },
 "ignore_above": 1024,
@@ -406,7 +402,12 @@
 "properties": {
 "message": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 }
 }
 },
diff --git a/salt/elasticsearch/templates/component/ecs/base.json b/salt/elasticsearch/templates/component/ecs/base.json
index 77594f68d..7bba4285c 100644
--- a/salt/elasticsearch/templates/component/ecs/base.json
+++ b/salt/elasticsearch/templates/component/ecs/base.json
@@ -13,7 +13,12 @@
 "type": "object"
 },
 "message": {
- "type": "match_only_text"
+ "type": "match_only_text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "tags": {
 "ignore_above": 1024,
diff --git a/salt/elasticsearch/templates/component/ecs/cyberark.json b/salt/elasticsearch/templates/component/ecs/cyberark.json
index 4ed88aa6f..b0277fa0b 100644
--- a/salt/elasticsearch/templates/component/ecs/cyberark.json
+++ b/salt/elasticsearch/templates/component/ecs/cyberark.json
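Review bot: The `text` sub-field under `additional_eventdata` changes type from `text` to `match_only_text`, and an existing field's type cannot be changed in place, so this only takes effect on indices created from the template after the change; existing indices keep the old mapping until rollover or reindex. `match_only_text` also drops positions and scoring, so phrase queries are verified against `_source` and run slower, and span queries are rejected. That matters for hunts or detections that reach long CloudTrail values through `*.text`, because the parent (its `type` line is outside the hunk, presumably `keyword`) carries `ignore_above: 1024`. The same applies to the `request_parameters`, `response_elements` and `service_event_details` hunks in this file and to the four logstash.json hunks. I would add a line to the commit description such as `Mapping change applies to newly created indices only; span queries on *.text must become intervals queries.`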
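Review bot: In the aws.json hunk at `@@ -406,7 +402,12 @@`, `message` keeps its `text` parent and gains a `message.text` sub-field, so the same content is analysed and indexed twice; unlike the earlier hunks this grows the index rather than shrinking it. If the aim is only a uniform `<field>.text` query path, that is a fair trade, but it is worth stating, since the parent is already full-text searchable. If the aim is the space saving, the smaller change is to switch the parent itself to `"type": "match_only_text"` and drop `"norms": false`, as the sub-field hunks do. The same pattern repeats in the cyberark.json, misp.json, o365.json and zeek.json hunks; the enclosing `properties` object starts outside this hunk.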
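Review bot: In base.json, `message` is already `match_only_text` and the added `message.text` sub-field has the same type, so the sub-field indexes an identical copy and offers no query capability the parent lacks. If it exists only so that queries written against `message.text` resolve on every index, record that reason in the commit description; otherwise I would leave the mapping as `"message": { "type": "match_only_text" }`. The enclosing `properties` object starts and ends outside the hunk.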
@@ -534,7 +534,12 @@
 },
 "reason": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "rfc5424": {
 "type": "boolean"
diff --git a/salt/elasticsearch/templates/component/ecs/logstash.json b/salt/elasticsearch/templates/component/ecs/logstash.json
index 2120a0902..0db82492e 100644
--- a/salt/elasticsearch/templates/component/ecs/logstash.json
+++ b/salt/elasticsearch/templates/component/ecs/logstash.json
@@ -45,8 +45,7 @@
 "thread": {
 "fields": {
 "text": {
- "norms": false,
- "type": "text"
+ "type": "match_only_text"
 }
 },
 "ignore_above": 1024,
@@ -59,8 +58,7 @@
 "event": {
 "fields": {
 "text": {
- "norms": false,
- "type": "text"
+ "type": "match_only_text"
 }
 },
 "ignore_above": 1024,
@@ -87,8 +85,7 @@
 "plugin_params": {
 "fields": {
 "text": {
- "norms": false,
- "type": "text"
+ "type": "match_only_text"
 }
 },
 "ignore_above": 1024,
@@ -109,8 +106,7 @@
 "thread": {
 "fields": {
 "text": {
- "norms": false,
- "type": "text"
+ "type": "match_only_text"
 }
 },
 "ignore_above": 1024,
diff --git a/salt/elasticsearch/templates/component/ecs/misp.json b/salt/elasticsearch/templates/component/ecs/misp.json
index d0c7aa519..1d186db3a 100644
--- a/salt/elasticsearch/templates/component/ecs/misp.json
+++ b/salt/elasticsearch/templates/component/ecs/misp.json
@@ -12,7 +12,12 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "id": {
 "ignore_above": 1024,
@@ -47,11 +52,21 @@
 "properties": {
 "aliases": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "description": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "first_seen": {
 "type": "date"
@@ -92,7 +107,12 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "id": {
 "ignore_above": 1024,
@@ -118,11 +138,21 @@
 "properties": {
 "contact_information": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "description": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "id": {
 "ignore_above": 1024,
@@ -175,18 +205,33 @@
 "properties": {
 "aliases": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "description": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "first_seen": {
 "type": "date"
 },
 "goals": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "id": {
 "ignore_above": 1024,
@@ -211,15 +256,30 @@
 },
 "primary_motivation": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "resource_level": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "secondary_motivations": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 }
 }
 },
@@ -227,7 +287,12 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "id": {
 "ignore_above": 1024,
@@ -280,7 +345,12 @@
 },
 "description": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "id": {
 "ignore_above": 1024,
@@ -346,7 +416,12 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "id": {
 "ignore_above": 1024,
@@ -377,7 +452,12 @@
 },
 "object_refs": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "published": {
 "type": "date"
@@ -388,15 +468,30 @@
 "properties": {
 "aliases": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "description": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "goals": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "id": {
 "ignore_above": 1024,
@@ -427,27 +522,57 @@
 },
 "personal_motivations": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "primary_motivation": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "resource_level": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "roles": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "secondary_motivations": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "sophistication": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 }
 }
 },
@@ -491,11 +616,21 @@
 },
 "description": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "feed": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "id": {
 "ignore_above": 1024,
@@ -602,7 +737,12 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "id": {
 "ignore_above": 1024,
@@ -615,7 +755,12 @@
 },
 "kill_chain_phases": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "labels": {
 "ignore_above": 1024,
@@ -650,7 +795,12 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "id": {
 "ignore_above": 1024,
diff --git a/salt/elasticsearch/templates/component/ecs/o365.json b/salt/elasticsearch/templates/component/ecs/o365.json
index a7df16b97..6c093534d 100644
--- a/salt/elasticsearch/templates/component/ecs/o365.json
+++ b/salt/elasticsearch/templates/component/ecs/o365.json
@@ -165,7 +165,12 @@
 },
 "Comments": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "CommunicationType": {
 "ignore_above": 1024,
diff --git a/salt/elasticsearch/templates/component/ecs/zeek.json b/salt/elasticsearch/templates/component/ecs/zeek.json
index d9dd7aa32..c79a9efdf 100644
--- a/salt/elasticsearch/templates/component/ecs/zeek.json
+++ b/salt/elasticsearch/templates/component/ecs/zeek.json
@@ -1333,7 +1333,12 @@
 },
 "email_body_sections": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "email_delay_tokens": {
 "ignore_above": 1024,
@@ -1453,7 +1458,12 @@
 },
 "peer_descr": {
 "norms": false,
- "type": "text"
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ }
 },
 "peer_name": {
 "ignore_above": 1024,