{ "_meta": { "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html", "ecs_version": "1.12.2" }, "template": { "mappings": { "properties": { "netflow": { "properties": { "absolute_error": { "type": "double" }, "address_pool_high_threshold": { "type": "long" }, "address_pool_low_threshold": { "type": "long" }, "address_port_mapping_high_threshold": { "type": "long" }, "address_port_mapping_low_threshold": { "type": "long" }, "address_port_mapping_per_user_high_threshold": { "type": "long" }, "anonymization_flags": { "type": "long" }, "anonymization_technique": { "type": "long" }, "application_category_name": { "ignore_above": 1024, "type": "keyword" }, "application_description": { "ignore_above": 1024, "type": "keyword" }, "application_group_name": { "ignore_above": 1024, "type": "keyword" }, "application_id": { "type": "short" }, "application_name": { "ignore_above": 1024, "type": "keyword" }, "application_sub_category_name": { "ignore_above": 1024, "type": "keyword" }, "bgp_destination_as_number": { "type": "long" }, "bgp_next_adjacent_as_number": { "type": "long" }, "bgp_next_hop_ipv4_address": { "type": "ip" }, "bgp_next_hop_ipv6_address": { "type": "ip" }, "bgp_prev_adjacent_as_number": { "type": "long" }, "bgp_source_as_number": { "type": "long" }, "bgp_validity_state": { "type": "short" }, "biflow_direction": { "type": "short" }, "class_id": { "type": "long" }, "class_name": { "ignore_above": 1024, "type": "keyword" }, "classification_engine_id": { "type": "short" }, "collection_time_milliseconds": { "type": "date" }, "collector_certificate": { "type": "short" }, "collector_ipv4_address": { "type": "ip" }, "collector_ipv6_address": { "type": "ip" }, "collector_transport_port": { "type": "long" }, "common_properties_id": { "type": "long" }, "confidence_level": { "type": "double" }, "connection_sum_duration_seconds": { "type": "long" }, "connection_transaction_id": { "type": "long" }, "data_link_frame_section": { "type": "short" }, "data_link_frame_size": { "type": "long" }, "data_link_frame_type": { "type": "long" }, "data_records_reliability": { "type": "boolean" }, "delta_flow_count": { "type": "long" }, "destination_ipv4_address": { "type": "ip" }, "destination_ipv4_prefix": { "type": "ip" }, "destination_ipv4_prefix_length": { "type": "short" }, "destination_ipv6_address": { "type": "ip" }, "destination_ipv6_prefix": { "type": "ip" }, "destination_ipv6_prefix_length": { "type": "short" }, "destination_mac_address": { "ignore_above": 1024, "type": "keyword" }, "destination_transport_port": { "type": "long" }, "digest_hash_value": { "type": "long" }, "distinct_count_of_destination_ip_address": { "type": "long" }, "distinct_count_of_destination_ipv4_address": { "type": "long" }, "distinct_count_of_destination_ipv6_address": { "type": "long" }, "distinct_count_of_source_ip_address": { "type": "long" }, "distinct_count_of_source_ipv4_address": { "type": "long" }, "distinct_count_of_source_ipv6_address": { "type": "long" }, "dot1q_customer_dei": { "type": "boolean" }, "dot1q_customer_destination_mac_address": { "ignore_above": 1024, "type": "keyword" }, "dot1q_customer_priority": { "type": "short" }, "dot1q_customer_source_mac_address": { "ignore_above": 1024, "type": "keyword" }, "dot1q_customer_vlan_id": { "type": "long" }, "dot1q_dei": { "type": "boolean" }, "dot1q_priority": { "type": "short" }, "dot1q_service_instance_id": { "type": "long" }, "dot1q_service_instance_priority": { "type": "short" }, "dot1q_service_instance_tag": { "type": "short" }, "dot1q_vlan_id": { "type": "long" }, "dropped_layer2_octet_delta_count": { "type": "long" }, "dropped_layer2_octet_total_count": { "type": "long" }, "dropped_octet_delta_count": { "type": "long" }, "dropped_octet_total_count": { "type": "long" }, "dropped_packet_delta_count": { "type": "long" }, "dropped_packet_total_count": { "type": "long" }, "dst_traffic_index": { "type": "long" }, "egress_broadcast_packet_total_count": { "type": "long" }, "egress_interface": { "type": "long" }, "egress_interface_type": { "type": "long" }, "egress_physical_interface": { "type": "long" }, "egress_unicast_packet_total_count": { "type": "long" }, "egress_vrfid": { "type": "long" }, "encrypted_technology": { "ignore_above": 1024, "type": "keyword" }, "engine_id": { "type": "short" }, "engine_type": { "type": "short" }, "ethernet_header_length": { "type": "short" }, "ethernet_payload_length": { "type": "long" }, "ethernet_total_length": { "type": "long" }, "ethernet_type": { "type": "long" }, "export_interface": { "type": "long" }, "export_protocol_version": { "type": "short" }, "export_sctp_stream_id": { "type": "long" }, "export_transport_protocol": { "type": "short" }, "exported_flow_record_total_count": { "type": "long" }, "exported_message_total_count": { "type": "long" }, "exported_octet_total_count": { "type": "long" }, "exporter": { "properties": { "address": { "ignore_above": 1024, "type": "keyword" }, "source_id": { "type": "long" }, "timestamp": { "type": "date" }, "uptime_millis": { "type": "long" }, "version": { "type": "long" } } }, "exporter_certificate": { "type": "short" }, "exporter_ipv4_address": { "type": "ip" }, "exporter_ipv6_address": { "type": "ip" }, "exporter_transport_port": { "type": "long" }, "exporting_process_id": { "type": "long" }, "external_address_realm": { "type": "short" }, "firewall_event": { "type": "short" }, "flags_and_sampler_id": { "type": "long" }, "flow_active_timeout": { "type": "long" }, "flow_direction": { "type": "short" }, "flow_duration_microseconds": { "type": "long" }, "flow_duration_milliseconds": { "type": "long" }, "flow_end_delta_microseconds": { "type": "long" }, "flow_end_microseconds": { "type": "date" }, "flow_end_milliseconds": { "type": "date" }, "flow_end_nanoseconds": { "type": "date" }, "flow_end_reason": { "type": "short" }, "flow_end_seconds": { "type": "date" }, "flow_end_sys_up_time": { "type": "long" }, "flow_id": { "type": "long" }, "flow_idle_timeout": { "type": "long" }, "flow_key_indicator": { "type": "long" }, "flow_label_ipv6": { "type": "long" }, "flow_sampling_time_interval": { "type": "long" }, "flow_sampling_time_spacing": { "type": "long" }, "flow_selected_flow_delta_count": { "type": "long" }, "flow_selected_octet_delta_count": { "type": "long" }, "flow_selected_packet_delta_count": { "type": "long" }, "flow_selector_algorithm": { "type": "long" }, "flow_start_delta_microseconds": { "type": "long" }, "flow_start_microseconds": { "type": "date" }, "flow_start_milliseconds": { "type": "date" }, "flow_start_nanoseconds": { "type": "date" }, "flow_start_seconds": { "type": "date" }, "flow_start_sys_up_time": { "type": "long" }, "forwarding_status": { "type": "short" }, "fragment_flags": { "type": "short" }, "fragment_identification": { "type": "long" }, "fragment_offset": { "type": "long" }, "global_address_mapping_high_threshold": { "type": "long" }, "gre_key": { "type": "long" }, "hash_digest_output": { "type": "boolean" }, "hash_flow_domain": { "type": "long" }, "hash_initialiser_value": { "type": "long" }, "hash_ip_payload_offset": { "type": "long" }, "hash_ip_payload_size": { "type": "long" }, "hash_output_range_max": { "type": "long" }, "hash_output_range_min": { "type": "long" }, "hash_selected_range_max": { "type": "long" }, "hash_selected_range_min": { "type": "long" }, "http_content_type": { "ignore_above": 1024, "type": "keyword" }, "http_message_version": { "ignore_above": 1024, "type": "keyword" }, "http_reason_phrase": { "ignore_above": 1024, "type": "keyword" }, "http_request_host": { "ignore_above": 1024, "type": "keyword" }, "http_request_method": { "ignore_above": 1024, "type": "keyword" }, "http_request_target": { "ignore_above": 1024, "type": "keyword" }, "http_status_code": { "type": "long" }, "http_user_agent": { "ignore_above": 1024, "type": "keyword" }, "icmp_code_ipv4": { "type": "short" }, "icmp_code_ipv6": { "type": "short" }, "icmp_type_code_ipv4": { "type": "long" }, "icmp_type_code_ipv6": { "type": "long" }, "icmp_type_ipv4": { "type": "short" }, "icmp_type_ipv6": { "type": "short" }, "igmp_type": { "type": "short" }, "ignored_data_record_total_count": { "type": "long" }, "ignored_layer2_frame_total_count": { "type": "long" }, "ignored_layer2_octet_total_count": { "type": "long" }, "ignored_octet_total_count": { "type": "long" }, "ignored_packet_total_count": { "type": "long" }, "information_element_data_type": { "type": "short" }, "information_element_description": { "ignore_above": 1024, "type": "keyword" }, "information_element_id": { "type": "long" }, "information_element_index": { "type": "long" }, "information_element_name": { "ignore_above": 1024, "type": "keyword" }, "information_element_range_begin": { "type": "long" }, "information_element_range_end": { "type": "long" }, "information_element_semantics": { "type": "short" }, "information_element_units": { "type": "long" }, "ingress_broadcast_packet_total_count": { "type": "long" }, "ingress_interface": { "type": "long" }, "ingress_interface_type": { "type": "long" }, "ingress_multicast_packet_total_count": { "type": "long" }, "ingress_physical_interface": { "type": "long" }, "ingress_unicast_packet_total_count": { "type": "long" }, "ingress_vrfid": { "type": "long" }, "initiator_octets": { "type": "long" }, "initiator_packets": { "type": "long" }, "interface_description": { "ignore_above": 1024, "type": "keyword" }, "interface_name": { "ignore_above": 1024, "type": "keyword" }, "intermediate_process_id": { "type": "long" }, "internal_address_realm": { "type": "short" }, "ip_class_of_service": { "type": "short" }, "ip_diff_serv_code_point": { "type": "short" }, "ip_header_length": { "type": "short" }, "ip_header_packet_section": { "type": "short" }, "ip_next_hop_ipv4_address": { "type": "ip" }, "ip_next_hop_ipv6_address": { "type": "ip" }, "ip_payload_length": { "type": "long" }, "ip_payload_packet_section": { "type": "short" }, "ip_precedence": { "type": "short" }, "ip_sec_spi": { "type": "long" }, "ip_total_length": { "type": "long" }, "ip_ttl": { "type": "short" }, "ip_version": { "type": "short" }, "ipv4_ihl": { "type": "short" }, "ipv4_options": { "type": "long" }, "ipv4_router_sc": { "type": "ip" }, "ipv6_extension_headers": { "type": "long" }, "is_multicast": { "type": "short" }, "layer2_frame_delta_count": { "type": "long" }, "layer2_frame_total_count": { "type": "long" }, "layer2_octet_delta_count": { "type": "long" }, "layer2_octet_delta_sum_of_squares": { "type": "long" }, "layer2_octet_total_count": { "type": "long" }, "layer2_octet_total_sum_of_squares": { "type": "long" }, "layer2_segment_id": { "type": "long" }, "layer2packet_section_data": { "type": "short" }, "layer2packet_section_offset": { "type": "long" }, "layer2packet_section_size": { "type": "long" }, "line_card_id": { "type": "long" }, "lower_ci_limit": { "type": "double" }, "max_bib_entries": { "type": "long" }, "max_entries_per_user": { "type": "long" }, "max_export_seconds": { "type": "date" }, "max_flow_end_microseconds": { "type": "date" }, "max_flow_end_milliseconds": { "type": "date" }, "max_flow_end_nanoseconds": { "type": "date" }, "max_flow_end_seconds": { "type": "date" }, "max_fragments_pending_reassembly": { "type": "long" }, "max_session_entries": { "type": "long" }, "max_subscribers": { "type": "long" }, "maximum_ip_total_length": { "type": "long" }, "maximum_layer2_total_length": { "type": "long" }, "maximum_ttl": { "type": "short" }, "message_md5_checksum": { "type": "short" }, "message_scope": { "type": "short" }, "metering_process_id": { "type": "long" }, "metro_evc_id": { "ignore_above": 1024, "type": "keyword" }, "metro_evc_type": { "type": "short" }, "mib_capture_time_semantics": { "type": "short" }, "mib_context_engine_id": { "type": "short" }, "mib_context_name": { "ignore_above": 1024, "type": "keyword" }, "mib_index_indicator": { "type": "long" }, "mib_module_name": { "ignore_above": 1024, "type": "keyword" }, "mib_object_description": { "ignore_above": 1024, "type": "keyword" }, "mib_object_identifier": { "type": "short" }, "mib_object_name": { "ignore_above": 1024, "type": "keyword" }, "mib_object_syntax": { "ignore_above": 1024, "type": "keyword" }, "mib_object_value_bits": { "type": "short" }, "mib_object_value_counter": { "type": "long" }, "mib_object_value_gauge": { "type": "long" }, "mib_object_value_integer": { "type": "long" }, "mib_object_value_ip_address": { "type": "ip" }, "mib_object_value_octet_string": { "type": "short" }, "mib_object_value_oid": { "type": "short" }, "mib_object_value_time_ticks": { "type": "long" }, "mib_object_value_unsigned": { "type": "long" }, "mib_sub_identifier": { "type": "long" }, "min_export_seconds": { "type": "date" }, "min_flow_start_microseconds": { "type": "date" }, "min_flow_start_milliseconds": { "type": "date" }, "min_flow_start_nanoseconds": { "type": "date" }, "min_flow_start_seconds": { "type": "date" }, "minimum_ip_total_length": { "type": "long" }, "minimum_layer2_total_length": { "type": "long" }, "minimum_ttl": { "type": "short" }, "mobile_imsi": { "ignore_above": 1024, "type": "keyword" }, "mobile_msisdn": { "ignore_above": 1024, "type": "keyword" }, "monitoring_interval_end_milli_seconds": { "type": "date" }, "monitoring_interval_start_milli_seconds": { "type": "date" }, "mpls_label_stack_depth": { "type": "long" }, "mpls_label_stack_length": { "type": "long" }, "mpls_label_stack_section": { "type": "short" }, "mpls_label_stack_section10": { "type": "short" }, "mpls_label_stack_section2": { "type": "short" }, "mpls_label_stack_section3": { "type": "short" }, "mpls_label_stack_section4": { "type": "short" }, "mpls_label_stack_section5": { "type": "short" }, "mpls_label_stack_section6": { "type": "short" }, "mpls_label_stack_section7": { "type": "short" }, "mpls_label_stack_section8": { "type": "short" }, "mpls_label_stack_section9": { "type": "short" }, "mpls_payload_length": { "type": "long" }, "mpls_payload_packet_section": { "type": "short" }, "mpls_top_label_exp": { "type": "short" }, "mpls_top_label_ipv4_address": { "type": "ip" }, "mpls_top_label_ipv6_address": { "type": "ip" }, "mpls_top_label_prefix_length": { "type": "short" }, "mpls_top_label_stack_section": { "type": "short" }, "mpls_top_label_ttl": { "type": "short" }, "mpls_top_label_type": { "type": "short" }, "mpls_vpn_route_distinguisher": { "type": "short" }, "multicast_replication_factor": { "type": "long" }, "nat_event": { "type": "short" }, "nat_instance_id": { "type": "long" }, "nat_originating_address_realm": { "type": "short" }, "nat_pool_id": { "type": "long" }, "nat_pool_name": { "ignore_above": 1024, "type": "keyword" }, "nat_quota_exceeded_event": { "type": "long" }, "nat_threshold_event": { "type": "long" }, "nat_type": { "type": "short" }, "new_connection_delta_count": { "type": "long" }, "next_header_ipv6": { "type": "short" }, "not_sent_flow_total_count": { "type": "long" }, "not_sent_layer2_octet_total_count": { "type": "long" }, "not_sent_octet_total_count": { "type": "long" }, "not_sent_packet_total_count": { "type": "long" }, "observation_domain_id": { "type": "long" }, "observation_domain_name": { "ignore_above": 1024, "type": "keyword" }, "observation_point_id": { "type": "long" }, "observation_point_type": { "type": "short" }, "observation_time_microseconds": { "type": "date" }, "observation_time_milliseconds": { "type": "date" }, "observation_time_nanoseconds": { "type": "date" }, "observation_time_seconds": { "type": "date" }, "observed_flow_total_count": { "type": "long" }, "octet_delta_count": { "type": "long" }, "octet_delta_sum_of_squares": { "type": "long" }, "octet_total_count": { "type": "long" }, "octet_total_sum_of_squares": { "type": "long" }, "opaque_octets": { "type": "short" }, "original_exporter_ipv4_address": { "type": "ip" }, "original_exporter_ipv6_address": { "type": "ip" }, "original_flows_completed": { "type": "long" }, "original_flows_initiated": { "type": "long" }, "original_flows_present": { "type": "long" }, "original_observation_domain_id": { "type": "long" }, "p2p_technology": { "ignore_above": 1024, "type": "keyword" }, "packet_delta_count": { "type": "long" }, "packet_total_count": { "type": "long" }, "padding_octets": { "type": "short" }, "payload_length_ipv6": { "type": "long" }, "port_id": { "type": "long" }, "port_range_end": { "type": "long" }, "port_range_num_ports": { "type": "long" }, "port_range_start": { "type": "long" }, "port_range_step_size": { "type": "long" }, "post_destination_mac_address": { "ignore_above": 1024, "type": "keyword" }, "post_dot1q_customer_vlan_id": { "type": "long" }, "post_dot1q_vlan_id": { "type": "long" }, "post_ip_class_of_service": { "type": "short" }, "post_ip_diff_serv_code_point": { "type": "short" }, "post_ip_precedence": { "type": "short" }, "post_layer2_octet_delta_count": { "type": "long" }, "post_layer2_octet_total_count": { "type": "long" }, "post_mcast_layer2_octet_delta_count": { "type": "long" }, "post_mcast_layer2_octet_total_count": { "type": "long" }, "post_mcast_octet_delta_count": { "type": "long" }, "post_mcast_octet_total_count": { "type": "long" }, "post_mcast_packet_delta_count": { "type": "long" }, "post_mcast_packet_total_count": { "type": "long" }, "post_mpls_top_label_exp": { "type": "short" }, "post_napt_destination_transport_port": { "type": "long" }, "post_napt_source_transport_port": { "type": "long" }, "post_nat_destination_ipv4_address": { "type": "ip" }, "post_nat_destination_ipv6_address": { "type": "ip" }, "post_nat_source_ipv4_address": { "type": "ip" }, "post_nat_source_ipv6_address": { "type": "ip" }, "post_octet_delta_count": { "type": "long" }, "post_octet_total_count": { "type": "long" }, "post_packet_delta_count": { "type": "long" }, "post_packet_total_count": { "type": "long" }, "post_source_mac_address": { "ignore_above": 1024, "type": "keyword" }, "post_vlan_id": { "type": "long" }, "private_enterprise_number": { "type": "long" }, "protocol_identifier": { "type": "short" }, "pseudo_wire_control_word": { "type": "long" }, "pseudo_wire_destination_ipv4_address": { "type": "ip" }, "pseudo_wire_id": { "type": "long" }, "pseudo_wire_type": { "type": "long" }, "relative_error": { "type": "double" }, "responder_octets": { "type": "long" }, "responder_packets": { "type": "long" }, "rfc3550_jitter_microseconds": { "type": "long" }, "rfc3550_jitter_milliseconds": { "type": "long" }, "rfc3550_jitter_nanoseconds": { "type": "long" }, "rtp_sequence_number": { "type": "long" }, "sampler_id": { "type": "short" }, "sampler_mode": { "type": "short" }, "sampler_name": { "ignore_above": 1024, "type": "keyword" }, "sampler_random_interval": { "type": "long" }, "sampling_algorithm": { "type": "short" }, "sampling_flow_interval": { "type": "long" }, "sampling_flow_spacing": { "type": "long" }, "sampling_interval": { "type": "long" }, "sampling_packet_interval": { "type": "long" }, "sampling_packet_space": { "type": "long" }, "sampling_population": { "type": "long" }, "sampling_probability": { "type": "double" }, "sampling_size": { "type": "long" }, "sampling_time_interval": { "type": "long" }, "sampling_time_space": { "type": "long" }, "section_exported_octets": { "type": "long" }, "section_offset": { "type": "long" }, "selection_sequence_id": { "type": "long" }, "selector_algorithm": { "type": "long" }, "selector_id": { "type": "long" }, "selector_id_total_flows_observed": { "type": "long" }, "selector_id_total_flows_selected": { "type": "long" }, "selector_id_total_pkts_observed": { "type": "long" }, "selector_id_total_pkts_selected": { "type": "long" }, "selector_name": { "ignore_above": 1024, "type": "keyword" }, "session_scope": { "type": "short" }, "source_ipv4_address": { "type": "ip" }, "source_ipv4_prefix": { "type": "ip" }, "source_ipv4_prefix_length": { "type": "short" }, "source_ipv6_address": { "type": "ip" }, "source_ipv6_prefix": { "type": "ip" }, "source_ipv6_prefix_length": { "type": "short" }, "source_mac_address": { "ignore_above": 1024, "type": "keyword" }, "source_transport_port": { "type": "long" }, "source_transport_ports_limit": { "type": "long" }, "src_traffic_index": { "type": "long" }, "sta_ipv4_address": { "type": "ip" }, "sta_mac_address": { "ignore_above": 1024, "type": "keyword" }, "system_init_time_milliseconds": { "type": "date" }, "tcp_ack_total_count": { "type": "long" }, "tcp_acknowledgement_number": { "type": "long" }, "tcp_control_bits": { "type": "long" }, "tcp_destination_port": { "type": "long" }, "tcp_fin_total_count": { "type": "long" }, "tcp_header_length": { "type": "short" }, "tcp_options": { "type": "long" }, "tcp_psh_total_count": { "type": "long" }, "tcp_rst_total_count": { "type": "long" }, "tcp_sequence_number": { "type": "long" }, "tcp_source_port": { "type": "long" }, "tcp_syn_total_count": { "type": "long" }, "tcp_urg_total_count": { "type": "long" }, "tcp_urgent_pointer": { "type": "long" }, "tcp_window_scale": { "type": "long" }, "tcp_window_size": { "type": "long" }, "template_id": { "type": "long" }, "total_length_ipv4": { "type": "long" }, "transport_octet_delta_count": { "type": "long" }, "transport_packet_delta_count": { "type": "long" }, "tunnel_technology": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "udp_destination_port": { "type": "long" }, "udp_message_length": { "type": "long" }, "udp_source_port": { "type": "long" }, "upper_ci_limit": { "type": "double" }, "user_name": { "ignore_above": 1024, "type": "keyword" }, "value_distribution_method": { "type": "short" }, "virtual_station_interface_id": { "type": "short" }, "virtual_station_interface_name": { "ignore_above": 1024, "type": "keyword" }, "virtual_station_name": { "ignore_above": 1024, "type": "keyword" }, "virtual_station_uuid": { "type": "short" }, "vlan_id": { "type": "long" }, "vpn_identifier": { "type": "short" }, "vr_fname": { "ignore_above": 1024, "type": "keyword" }, "wlan_channel_id": { "type": "short" }, "wlan_ssid": { "ignore_above": 1024, "type": "keyword" }, "wtp_mac_address": { "ignore_above": 1024, "type": "keyword" } } } } } } }