logstash: add beats template used in latest SO

salt/logstash/etc/beats-template.json

@@ -27,24 +27,6 @@
             "path_match": "docker.container.labels.*"
           }
         },
-        {
-          "event_data": {
-            "mapping": {
-              "type": "keyword"
-            },
-            "match_mapping_type": "string",
-            "path_match": "event_data.*"
-          }
-        },
-        {
-          "user_data": {
-            "mapping": {
-              "type": "keyword"
-            },
-            "match_mapping_type": "string",
-            "path_match": "user_data.*"
-          }
-        },
         {
           "strings_as_keyword": {
             "mapping": {
@@ -59,7 +41,15 @@
         "@timestamp": {
           "type": "date"
         },
-        "activity_id": {
+        "event_data": {
+          "type":"object",
+          "dynamic": true	
+	},
+        "beat_host": {
+          "type":"object",
+          "dynamic": true	
+	},
+	"activity_id": {
           "ignore_above": 1024,
           "type": "keyword"
         },
@@ -83,6 +73,14 @@
             }
           }
         },
+	"username":{
+          "type":"text",
+          "fields": {
+            "keyword":{
+              "type":"keyword"
+            }
+          }
+        },
         "computer_name": {
           "type": "text",
           "fields":{
@@ -129,9 +127,6 @@
             }
           }
         },
-        "event_data": {
-          "type": "object"
-        },
         "event_id": {
           "type": "long"
         },
@@ -283,7 +278,8 @@
           }
         },
         "user_data": {
-          "type": "object"
+          "type": "object",
+          "dynamic": "true"
         },
         "version": {
           "type": "keyword"