Merge pull request #13414 from Security-Onion-Solutions/fix/system_mapping

Fix system mapping

salt/elasticsearch/defaults.yaml

@@ -9101,6 +9101,7 @@ elasticsearch:
         - logs-system.auth@custom
         - so-fleet_globals-1
         - so-fleet_agent_id_verification-1
+        - so-system
         data_stream:
           allow_custom_routing: false
           hidden: false
@@ -9195,6 +9196,7 @@ elasticsearch:
         - logs-system.syslog@custom
         - so-fleet_globals-1
         - so-fleet_agent_id_verification-1
+        - so-system
         data_stream:
           allow_custom_routing: false
           hidden: false

salt/elasticsearch/templates/component/so/so-system-mappings.json

@@ -0,0 +1,29 @@
+{
+  "template": {
+    "mappings": {
+      "properties": {
+        "host": {
+	  "properties":{
+            "ip": {
+              "type": "ip"
+            }
+	  }
+	},
+	"related": {
+          "properties":{
+            "ip": {
+              "type": "ip"
+            }
+          }
+        },
+	"source": {
+          "properties":{
+            "ip": {
+              "type": "ip"
+            }
+          }
+        }
+      }
+    }
+  }
+}