{ "template": { "settings": { "index": { "lifecycle": { "name": "logs-endpoint.collection-diagnostic" }, "codec": "best_compression", "default_pipeline": "logs-endpoint.diagnostic.collection-8.10.2", "mapping": { "total_fields": { "limit": "10000" }, "ignore_malformed": "true" }, "query": { "default_field": [ "ecs.version", "event.action", "event.category", "event.code", "event.dataset", "event.hash", "event.id", "event.kind", "event.module", "event.outcome", "event.provider", "event.type" ] } } }, "mappings": { "dynamic": false, "properties": { "@timestamp": { "ignore_malformed": false, "type": "date" }, "ecs": { "properties": { "version": { "ignore_above": 1024, "type": "keyword" } } }, "data_stream": { "properties": { "namespace": { "type": "constant_keyword" }, "type": { "type": "constant_keyword" }, "dataset": { "type": "constant_keyword" } } }, "event": { "properties": { "severity": { "type": "long" }, "code": { "ignore_above": 1024, "type": "keyword" }, "created": { "type": "date" }, "kind": { "ignore_above": 1024, "type": "keyword" }, "module": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "sequence": { "type": "long" }, "ingested": { "type": "date" }, "provider": { "ignore_above": 1024, "type": "keyword" }, "action": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "category": { "ignore_above": 1024, "type": "keyword" }, "dataset": { "ignore_above": 1024, "type": "keyword" }, "hash": { "ignore_above": 1024, "type": "keyword" }, "outcome": { "ignore_above": 1024, "type": "keyword" } } } } } }, "_meta": { "package": { "name": "endpoint" }, "managed_by": "fleet", "managed": true } }