{
  "template": {
    "mappings": {
      "properties": {
        "so_audit_doc_id": {
          "ignore_above": 1024,
          "type": "keyword"
        },
        "@timestamp": {
          "type": "date"
        },
        "so_kind": {
          "ignore_above": 1024,
          "type": "keyword"
        },
        "so_operation": {
          "ignore_above": 1024,
          "type": "keyword"
        },
        "so_detection": {
          "properties": {
            "publicId": {
              "ignore_above": 1024,
	      "type": "keyword"
            },
            "title": {
	      "ignore_above": 1024,
              "type": "keyword"
            },
            "severity": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "author": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "description": {
              "type": "text"
            },
	    "category": {
              "ignore_above": 1024,
              "type": "keyword"
            },
	    "product": {
              "ignore_above": 1024,
              "type": "keyword"
            },
	    "service": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "content": {
              "type": "text"
            },
            "isEnabled": {
              "type": "boolean"
            },
            "isReporting": {
              "type": "boolean"
            },
            "isCommunity": {
              "type": "boolean"
            },
            "tags": {
              "ignore_above": 1024,
	      "type": "keyword"
            },
            "ruleset": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "engine": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "language": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "license": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "overrides": {
              "properties": {
                "type": {
                  "ignore_above": 1024,
                  "type": "keyword"
                },
                "isEnabled": {
                  "type": "boolean"
                },
                "createdAt": {
                  "type": "date"
                },
                "updatedAt": {
                  "type": "date"
                },
                "regex": {
                  "type": "text"
                },
                "value": {
                  "type": "text"
                },
                "thresholdType": {
                  "ignore_above": 1024,
                  "type": "keyword"
                },
                "track": {
                  "ignore_above": 1024,
                  "type": "keyword"
                },
                "ip": {
                  "type": "text"
                },
                "count": {
                  "type": "long"
                },
                "seconds": {
                  "type": "long"
                },
                "customFilter": {
                  "type": "text"
                }
              }
            }
          }
        },
        "so_detectioncomment": {
          "properties": {
            "createTime": {
              "type": "date"
            },
            "detectionId": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "value": {
              "type": "text"
            },
            "userId": {
              "ignore_above": 1024,
              "type": "keyword"
            }
          }
        }
      }
    }
  },
  "_meta": {
    "ecs_version": "1.12.2"
  }
}