From 8f97f09c9c8bccd6241782cf5c804b66a2ba154d Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Wed, 2 Mar 2022 21:54:46 +0000
Subject: [PATCH] Additional .keyword changes for host.hostname client.address, and event.action
---
 .../component/so/dtc-event-mappings.json | 13 +++++++++++++
 .../templates/component/so/dtc-host-mappings.json | 15 ++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/salt/elasticsearch/templates/component/so/dtc-event-mappings.json b/salt/elasticsearch/templates/component/so/dtc-event-mappings.json
index a64a30a26..d17b832dc 100644
--- a/salt/elasticsearch/templates/component/so/dtc-event-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-event-mappings.json
@@ -48,6 +48,19 @@
 "properties": {
 "event": {
 "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword",
+ "fields": {
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
+ },
+ "keyword": {
+ "type": "keyword"
+ }
+ }
+ },
 "category": {
 "ignore_above": 1024,
 "type": "keyword",
diff --git a/salt/elasticsearch/templates/component/so/dtc-host-mappings.json b/salt/elasticsearch/templates/component/so/dtc-host-mappings.json
index 02095b004..a16c298a5 100644
--- a/salt/elasticsearch/templates/component/so/dtc-host-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-host-mappings.json
@@ -48,7 +48,20 @@
 "properties": {
 "host": {
 "properties": {
- "name": {
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword",
+ "fields": {
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
+ },
+ "keyword": {
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
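Review bot: The new `keyword` sub-field under `event.action` carries no `ignore_above`, unlike its parent, so a value longer than 1024 characters is skipped on `event.action` but still indexed on `event.action.keyword`, and a value past Lucene's 32766-byte term limit would make Elasticsearch reject the whole document. These fields presumably hold strings reported by monitored hosts, so one oversized value could keep an event out of the index; I would write the sub-field as `"keyword": { "type": "keyword", "ignore_above": 1024 }`. The same applies to `host.hostname.keyword` in the dtc-host-mappings.json hunk. The `category` and `name` mappings continue outside both hunks, so check whether their sub-fields need the same bound. The subject also names client.address, but neither file in this patch touches a client mapping, so confirm that part landed elsewhere.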