diff --git a/salt/elasticsearch/templates/component/so/dtc-event-mappings b/salt/elasticsearch/templates/component/so/dtc-event-mappings
deleted file mode 100644
index 8a026308b..000000000
--- a/salt/elasticsearch/templates/component/so/dtc-event-mappings
+++ /dev/null
@@ -1,137 +0,0 @@
-{
- "_meta": {
- "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-event.html",
- "ecs_version": "1.12.2"
- },
- "template": {
- "mappings": {
- "properties": {
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "agent_id_status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingested": {
- "type": "date",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "original": {
- "doc_values": false,
- "index": false,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "sequence": {
- "type": "long"
- },
- "severity": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
-}
diff --git a/salt/elasticsearch/templates/component/so/dtc-event-mappings.json b/salt/elasticsearch/templates/component/so/dtc-event-mappings.json
index d0c2227ba..dfb7f3467 100644
--- a/salt/elasticsearch/templates/component/so/dtc-event-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-event-mappings.json
@@ -12,8 +12,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
@@ -23,8 +24,9 @@
 "created": {
 "type": "date",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
@@ -35,8 +37,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
@@ -46,8 +49,9 @@
 "ingested": {
 "type": "date",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
@@ -58,8 +62,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
@@ -70,8 +75,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
@@ -82,8 +88,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
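Review bot: None of the hunks shown define `es_security_analyzer`, which every new `security` sub-field references, beginning with the `@@ -12,8 +12,9 @@` hunk of dtc-event-mappings.json. A custom analyzer named in a mapping has to exist in the settings of every index built from this component template, otherwise template validation or index creation fails and events for that data stream stop being indexed; please confirm the analyzer ships in a settings component that each composing index template includes. Renaming the sub-field from `text` to `security` also means saved searches, dashboards and detection rules that query `<field>.text` will match nothing on new indices, while indices created before rollover only carry `.text`. The same applies to the remaining hunks in this file and to the hunks in dtc-file-mappings.json and dtc-host-mappings.json.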
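Review bot: The `created` (`@@ -23,8 +24,9 @@`) and `ingested` (`@@ -46,8 +49,9 @@`) fields are `date` fields, and an analyzed `text` sub-field on them looks unintended. Unlike the `match_only_text` it replaces, `text` also stores positions and norms, so near-unique timestamps add index size for what is probably little search value. Consider dropping the `security` sub-field on these two fields, or at least adding `"norms": false` and `"index_options": "docs"` if it has to stay.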
@@ -94,8 +101,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
diff --git a/salt/elasticsearch/templates/component/so/dtc-file-mappings.json b/salt/elasticsearch/templates/component/so/dtc-file-mappings.json
index 0698dd978..cd0edcda8 100644
--- a/salt/elasticsearch/templates/component/so/dtc-file-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-file-mappings.json
@@ -12,8 +12,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
@@ -24,8 +25,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
diff --git a/salt/elasticsearch/templates/component/so/dtc-host-mappings.json b/salt/elasticsearch/templates/component/so/dtc-host-mappings.json
index 79a4eb682..599ad55c3 100644
--- a/salt/elasticsearch/templates/component/so/dtc-host-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-host-mappings.json
@@ -12,8 +12,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
@@ -24,8 +25,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "match_only_text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
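Review bot: In the last hunk of dtc-host-mappings.json (`@@ -24,8 +25,9 @@`) the new sub-field keeps `"type": "match_only_text"` while adding `"analyzer": "es_security_analyzer"`, unlike every other hunk in this commit, which switches to `"type": "text"`. As far as I know `match_only_text` does not take a configurable analyzer, so this mapping is either rejected when the template is loaded or the field ends up analyzed differently from its siblings, and searches on its `.security` sub-field would not match the way analysts expect. This looks like a missed edit; the line should read `"type": "text",`. The name of the affected host field lies above the hunk's context and is not visible here.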