From 699371a4d78bcb11277dec37890cef30c2b30d29 Mon Sep 17 00:00:00 2001
From: Dustin Lee
Date: Fri, 11 Oct 2019 08:36:44 -0400
Subject: [PATCH] logstash: add beats template used in latest SO
---
 salt/logstash/etc/beats-template.json | 42 ++++++++++++---------------
 1 file changed, 19 insertions(+), 23 deletions(-)
diff --git a/salt/logstash/etc/beats-template.json b/salt/logstash/etc/beats-template.json
index 0dc51f81e..0e831aa52 100644
--- a/salt/logstash/etc/beats-template.json
+++ b/salt/logstash/etc/beats-template.json
@@ -27,24 +27,6 @@
 "path_match": "docker.container.labels.*"
 }
 },
- {
- "event_data": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "event_data.*"
- }
- },
- {
- "user_data": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "user_data.*"
- }
- },
 {
 "strings_as_keyword": {
 "mapping": {
@@ -59,7 +41,15 @@
 "@timestamp": {
 "type": "date"
 },
- "activity_id": {
+ "event_data": {
+ "type":"object",
+ "dynamic": true
+ },
+ "beat_host": {
+ "type":"object",
+ "dynamic": true
+ },
+ "activity_id": {
 "ignore_above": 1024,
 "type": "keyword"
 },
@@ -83,6 +73,14 @@
 }
 }
 },
+ "username":{
+ "type":"text",
+ "fields": {
+ "keyword":{
+ "type":"keyword"
+ }
+ }
+ },
 "computer_name": {
 "type": "text",
 "fields":{
@@ -129,9 +127,6 @@
 }
 }
 },
- "event_data": {
- "type": "object"
- },
 "event_id": {
 "type": "long"
 },
@@ -283,7 +278,8 @@
 }
 },
 "user_data": {
- "type": "object"
+ "type": "object",
+ "dynamic": "true"
 },
 "version": {
 "type": "keyword"
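Review bot: In the `@@ -59,7 +41,15 @@` hunk, `event_data` and `beat_host` are declared with `"dynamic": true`, so every new key arriving under them becomes a mapped field, while the first hunk removes the `event_data.*` and `user_data.*` keyword templates that pinned their string subfields (the same applies to `user_data` in the last hunk). `event_data` most likely carries values produced on the monitored hosts, so confirm that the remaining `strings_as_keyword` template, whose match conditions lie outside the hunks, still covers these subfields and that the index keeps a bound such as `index.mapping.total_fields.limit`. Documents are rejected once that limit is hit or a subfield's type conflicts with its first-seen mapping, which means lost events. As a smaller point, the added `"type":"object",` lines drop the space after the colon that the rest of the file uses (`"type": "date"`), and `activity_id` appears to be removed and re-added with only whitespace changed. The enclosing `properties` object starts and ends outside the hunk.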
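Review bot: The `keyword` sub-field added under `username` in the `@@ -83,6 +73,14 @@` hunk has no `ignore_above`, unlike `activity_id` earlier in the template, which sets `"ignore_above": 1024`. A user name in a log event can be chosen by whoever triggers the event (a failed logon, for instance), and a keyword value beyond Lucene's 32766-byte term limit makes the whole document fail to index. I would add `"ignore_above": 1024` next to `"type":"keyword"` so an oversized value is skipped for the keyword index while the event itself is still stored. The surrounding `properties` object continues outside the hunk.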
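Review bot: `"dynamic": "true"` in the `@@ -283,7 +278,8 @@` hunk is a quoted string, whereas the `event_data` and `beat_host` entries added earlier in this patch use the boolean form `"dynamic": true`. Elasticsearch most likely accepts both spellings, but a single template should use one; I would change this line to `"dynamic": true`. The `user_data` entry sits inside a `properties` object that starts and ends outside the hunk.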