Merge pull request #6995 from Security-Onion-Solutions/kilo

store related event data as a flattened object blob
2025-12-07 09:42:46 +01:00 · 2022-01-26 12:21:02 -05:00
parent 26e03ccad2 ed9b74dc33
commit c2636036ee
1 changed files with 9 additions and 0 deletions
--- a/salt/elasticsearch/templates/so/so-case-template.json.jinja
+++ b/salt/elasticsearch/templates/so/so-case-template.json.jinja
@@ -210,6 +210,15 @@
          "createTime": {
            "type": "date"
          },
+          "fields": {
+            "eager_global_ordinals": false,
+            "ignore_above": 1024,
+            "index": true,
+            "type": "flattened",
+            "index_options": "docs",
+            "split_queries_on_whitespace": false,
+            "doc_values": true
+          },
          "userId": {
            "type": "keyword",
            "ignore_above": 1024