Merge pull request #13414 from Security-Onion-Solutions/fix/system_mapping

Fix system mapping
2025-12-06 09:12:45 +01:00 · 2024-07-31 14:26:50 -04:00
parent 63531cdbb6 9264a03dbc
commit 9a2252ed3f
2 changed files with 31 additions and 0 deletions
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -9101,6 +9101,7 @@ elasticsearch:
        - logs-system.auth@custom
        - so-fleet_globals-1
        - so-fleet_agent_id_verification-1
+        - so-system
        data_stream:
          allow_custom_routing: false
          hidden: false
@@ -9195,6 +9196,7 @@ elasticsearch:
        - logs-system.syslog@custom
        - so-fleet_globals-1
        - so-fleet_agent_id_verification-1
+        - so-system
        data_stream:
          allow_custom_routing: false
          hidden: false
--- a/salt/elasticsearch/templates/component/so/so-system-mappings.json
+++ b/salt/elasticsearch/templates/component/so/so-system-mappings.json
@@ -0,0 +1,29 @@
+{
+  "template": {
+    "mappings": {
+      "properties": {
+        "host": {
+	  "properties":{
+            "ip": {
+              "type": "ip"
+            }
+	  }
+	},
+	"related": {
+          "properties":{
+            "ip": {
+              "type": "ip"
+            }
+          }
+        },
+	"source": {
+          "properties":{
+            "ip": {
+              "type": "ip"
+            }
+          }
+        }
+      }
+    }
+  }
+}