diff --git a/salt/elasticsearch/files/ingest/common b/salt/elasticsearch/files/ingest/common
index 63eb6077a..e8e462053 100644
--- a/salt/elasticsearch/files/ingest/common
+++ b/salt/elasticsearch/files/ingest/common
@@ -32,8 +32,6 @@
 { "rename": { "field": "category", "target_field": "event.category", "ignore_failure": true, "ignore_missing": true } },
 { "rename": { "field": "message2.community_id", "target_field": "network.community_id", "ignore_failure": true, "ignore_missing": true } },
 { "lowercase": { "field": "event.dataset", "ignore_failure": true, "ignore_missing": true } },
- { "convert": { "field": "destination.port", "type": "integer", "ignore_failure": true, "ignore_missing": true } },
- { "convert": { "field": "source.port", "type": "integer", "ignore_failure": true, "ignore_missing": true } },
 { "convert": { "field": "log.id.uid", "type": "string", "ignore_failure": true, "ignore_missing": true } },
 { "convert": { "field": "agent.id", "type": "string", "ignore_failure": true, "ignore_missing": true } },
 { "convert": { "field": "event.severity", "type": "integer", "ignore_failure": true, "ignore_missing": true } },
diff --git a/salt/elasticsearch/templates/so/so-common-template.json b/salt/elasticsearch/templates/so/so-common-template.json
index 012c590d0..ebf123fed 100644
--- a/salt/elasticsearch/templates/so/so-common-template.json
+++ b/salt/elasticsearch/templates/so/so-common-template.json
@@ -51,16 +51,29 @@
 "match_mapping_type": "string",
 "path_match": "*.ip",
 "mapping": {
- "type": "ip"
+ "type": "ip",
+ "fields" : {
+ "keyword" : {
+ "ignore_above" : 45,
+ "type" : "keyword"
+ }
+ }
+ }
 }
 },
 {
 "port": {
- "match_mapping_type": "string",
 "path_match": "*.port",
 "mapping": {
- "type": "integer"
+ "type": "integer",
+ "fields" : {
+ "keyword" : {
+ "ignore_above" : 6,
+ "type" : "keyword"
+ }
+ }
+ }
 }
 },
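Review bot: The `port` dynamic template in so-common-template.json loses `"match_mapping_type": "string"`, so on the new side every field whose path matches `*.port` is mapped as `integer` whatever JSON type it arrives with, while the same commit removes the ingest-side `convert` for `source.port` and `destination.port`; neither the `integer` nor the `ip` mapping sets `ignore_malformed`. Elasticsearch rejects the whole document when an `integer` or `ip` field cannot be parsed, so a log line with a non-numeric port or a hostname in an `*.ip` field would presumably be dropped at index time rather than stored, which is a visibility gap in a monitoring pipeline. Consider adding `"ignore_malformed": true,` next to `"type": "integer",` and `"type": "ip",` so the event is kept even when the one value is unusable. The hunk as shown also carries two fewer context lines than its `@@ -51,16 +51,29 @@` header declares, so the brace balance of the new side cannot be confirmed from here; parsing the rendered template as JSON before it is deployed would settle it.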