{ "index_patterns": [ "logstash-beats-*" ], "mappings": { "doc": { "_meta": { "version": "6.1.3" }, "date_detection": false, "dynamic_templates": [ { "fields": { "mapping": { "type": "keyword" }, "match_mapping_type": "string", "path_match": "fields.*" } }, { "docker.container.labels": { "mapping": { "type": "keyword" }, "match_mapping_type": "string", "path_match": "docker.container.labels.*" } }, { "strings_as_keyword": { "mapping": { "ignore_above": 1024, "type": "keyword" }, "match_mapping_type": "string" } } ], "properties": { "@timestamp": { "type": "date" }, "event_data": { "type":"object", "dynamic": true }, "beat_host": { "type":"object", "dynamic": true }, "activity_id": { "ignore_above": 1024, "type": "keyword" }, "beat": { "properties": { "hostname": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "timezone": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" } } }, "username":{ "type":"text", "fields": { "keyword":{ "type":"keyword" } } }, "computer_name": { "type": "text", "fields":{ "keyword":{ "type":"keyword" } } }, "docker": { "properties": { "container": { "properties": { "id": { "ignore_above": 1024, "type": "keyword" }, "image": { "ignore_above": 1024, "type": "keyword" }, "labels": { "type": "object" }, "name": { "ignore_above": 1024, "type": "keyword" } } } } }, "error": { "properties": { "code": { "type": "long" }, "message": { "norms": false, "type": "text" }, "type": { "ignore_above": 1024, "type": "keyword" } } }, "event_id": { "type": "long" }, "fields": { "type": "object" }, "keywords": { "ignore_above": 1024, "type": "keyword" }, "kubernetes": { "properties": { "annotations": { "type": "object" }, "container": { "properties": { "image": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" } } }, "labels": { "type": "object" }, "namespace": { "ignore_above": 1024, "type": "keyword" }, "pod": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" } } } } }, "level": { "ignore_above": 1024, "type": "keyword" }, "log_name": { "ignore_above": 1024, "type": "keyword" }, "message": { "norms": false, "type": "text" }, "message_error": { "ignore_above": 1024, "type": "keyword" }, "meta": { "properties": { "cloud": { "properties": { "availability_zone": { "ignore_above": 1024, "type": "keyword" }, "instance_id": { "ignore_above": 1024, "type": "keyword" }, "instance_name": { "ignore_above": 1024, "type": "keyword" }, "machine_type": { "ignore_above": 1024, "type": "keyword" }, "project_id": { "ignore_above": 1024, "type": "keyword" }, "provider": { "ignore_above": 1024, "type": "keyword" }, "region": { "ignore_above": 1024, "type": "keyword" } } } } }, "opcode": { "ignore_above": 1024, "type": "keyword" }, "process_id": { "type": "long" }, "provider_guid": { "ignore_above": 1024, "type": "keyword" }, "record_number": { "ignore_above": 1024, "type": "keyword" }, "related_activity_id": { "ignore_above": 1024, "type": "keyword" }, "source_name": { "ignore_above": 1024, "type": "keyword" }, "tags": { "ignore_above": 1024, "type": "keyword" }, "task": { "ignore_above": 1024, "type": "keyword" }, "thread_id": { "type": "long" }, "type": { "ignore_above": 1024, "type": "keyword" }, "user": { "properties": { "domain": { "type": "keyword" }, "identifier": { "type": "keyword" }, "name": { "type": "keyword" }, "type": { "type": "keyword" } } }, "user_data": { "type": "object", "dynamic": "true" }, "version": { "type": "keyword" }, "xml": { "norms": false, "type": "text" }, "apache2": { "properties": { "access": { "properties": { "agent": { "norms": false, "type": "text" }, "body_sent": { "properties": { "bytes": { "type": "long" } } }, "geoip": { "properties": { "city_name": { "ignore_above": 1024, "type": "keyword" }, "continent_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" } } }, "http_version": { "ignore_above": 1024, "type": "keyword" }, "method": { "ignore_above": 1024, "type": "keyword" }, "referrer": { "ignore_above": 1024, "type": "keyword" }, "remote_ip": { "ignore_above": 1024, "type": "keyword" }, "response_code": { "type": "long" }, "url": { "ignore_above": 1024, "type": "keyword" }, "user_agent": { "properties": { "device": { "ignore_above": 1024, "type": "keyword" }, "major": { "type": "long" }, "minor": { "type": "long" }, "name": { "ignore_above": 1024, "type": "keyword" }, "os": { "ignore_above": 1024, "type": "keyword" }, "os_major": { "type": "long" }, "os_minor": { "type": "long" }, "os_name": { "ignore_above": 1024, "type": "keyword" }, "patch": { "ignore_above": 1024, "type": "keyword" } } }, "user_name": { "ignore_above": 1024, "type": "keyword" } } }, "error": { "properties": { "client": { "ignore_above": 1024, "type": "keyword" }, "code": { "type": "long" }, "level": { "ignore_above": 1024, "type": "keyword" }, "message": { "norms": false, "type": "text" }, "module": { "ignore_above": 1024, "type": "keyword" }, "pid": { "type": "long" }, "tid": { "type": "long" }, "type": { "ignore_above": 1024, "type": "keyword" } } } } }, "auditd": { "properties": { "log": { "properties": { "a0": { "ignore_above": 1024, "type": "keyword" }, "acct": { "ignore_above": 1024, "type": "keyword" }, "geoip": { "properties": { "city_name": { "ignore_above": 1024, "type": "keyword" }, "continent_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" } } }, "item": { "ignore_above": 1024, "type": "keyword" }, "items": { "ignore_above": 1024, "type": "keyword" }, "new_auid": { "ignore_above": 1024, "type": "keyword" }, "new_ses": { "ignore_above": 1024, "type": "keyword" }, "old_auid": { "ignore_above": 1024, "type": "keyword" }, "old_ses": { "ignore_above": 1024, "type": "keyword" }, "pid": { "ignore_above": 1024, "type": "keyword" }, "ppid": { "ignore_above": 1024, "type": "keyword" }, "record_type": { "ignore_above": 1024, "type": "keyword" }, "res": { "ignore_above": 1024, "type": "keyword" }, "sequence": { "type": "long" } } } } }, "fileset": { "properties": { "module": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" } } }, "icinga": { "properties": { "debug": { "properties": { "facility": { "ignore_above": 1024, "type": "keyword" }, "message": { "norms": false, "type": "text" }, "severity": { "ignore_above": 1024, "type": "keyword" } } }, "main": { "properties": { "facility": { "ignore_above": 1024, "type": "keyword" }, "message": { "norms": false, "type": "text" }, "severity": { "ignore_above": 1024, "type": "keyword" } } }, "startup": { "properties": { "facility": { "ignore_above": 1024, "type": "keyword" }, "message": { "norms": false, "type": "text" }, "severity": { "ignore_above": 1024, "type": "keyword" } } } } }, "kafka": { "properties": { "log": { "properties": { "class": { "norms": false, "type": "text" }, "component": { "ignore_above": 1024, "type": "keyword" }, "level": { "ignore_above": 1024, "type": "keyword" }, "message": { "norms": false, "type": "text" }, "timestamp": { "ignore_above": 1024, "type": "keyword" }, "trace": { "properties": { "class": { "ignore_above": 1024, "type": "keyword" }, "full": { "norms": false, "type": "text" }, "message": { "norms": false, "type": "text" } } } } } } }, "logstash": { "properties": { "log": { "properties": { "level": { "ignore_above": 1024, "type": "keyword" }, "log_event": { "type": "object" }, "message": { "norms": false, "type": "text" }, "module": { "ignore_above": 1024, "type": "keyword" }, "thread": { "norms": false, "type": "text" } } }, "slowlog": { "properties": { "event": { "norms": false, "type": "text" }, "level": { "ignore_above": 1024, "type": "keyword" }, "message": { "norms": false, "type": "text" }, "module": { "ignore_above": 1024, "type": "keyword" }, "plugin_name": { "ignore_above": 1024, "type": "keyword" }, "plugin_params": { "norms": false, "type": "text" }, "plugin_params_object": { "type": "object" }, "plugin_type": { "ignore_above": 1024, "type": "keyword" }, "thread": { "norms": false, "type": "text" }, "took_in_millis": { "type": "long" }, "took_in_nanos": { "type": "long" } } } } }, "mysql": { "properties": { "error": { "properties": { "level": { "ignore_above": 1024, "type": "keyword" }, "message": { "norms": false, "type": "text" }, "thread_id": { "type": "long" }, "timestamp": { "ignore_above": 1024, "type": "keyword" } } }, "slowlog": { "properties": { "host": { "ignore_above": 1024, "type": "keyword" }, "id": { "type": "long" }, "ip": { "ignore_above": 1024, "type": "keyword" }, "lock_time": { "properties": { "sec": { "type": "float" } } }, "query": { "ignore_above": 1024, "type": "keyword" }, "query_time": { "properties": { "sec": { "type": "float" } } }, "rows_examined": { "type": "long" }, "rows_sent": { "type": "long" }, "timestamp": { "type": "long" }, "user": { "ignore_above": 1024, "type": "keyword" } } } } }, "nginx": { "properties": { "access": { "properties": { "agent": { "norms": false, "type": "text" }, "body_sent": { "properties": { "bytes": { "type": "long" } } }, "geoip": { "properties": { "city_name": { "ignore_above": 1024, "type": "keyword" }, "continent_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" } } }, "http_version": { "ignore_above": 1024, "type": "keyword" }, "method": { "ignore_above": 1024, "type": "keyword" }, "referrer": { "ignore_above": 1024, "type": "keyword" }, "remote_ip": { "ignore_above": 1024, "type": "keyword" }, "response_code": { "type": "long" }, "url": { "ignore_above": 1024, "type": "keyword" }, "user_agent": { "properties": { "device": { "ignore_above": 1024, "type": "keyword" }, "major": { "type": "long" }, "minor": { "type": "long" }, "name": { "ignore_above": 1024, "type": "keyword" }, "os": { "ignore_above": 1024, "type": "keyword" }, "os_major": { "type": "long" }, "os_minor": { "type": "long" }, "os_name": { "ignore_above": 1024, "type": "keyword" }, "patch": { "ignore_above": 1024, "type": "keyword" } } }, "user_name": { "ignore_above": 1024, "type": "keyword" } } }, "error": { "properties": { "connection_id": { "type": "long" }, "level": { "ignore_above": 1024, "type": "keyword" }, "message": { "norms": false, "type": "text" }, "pid": { "type": "long" }, "tid": { "type": "long" } } } } }, "offset": { "type": "long" }, "postgresql": { "properties": { "log": { "properties": { "database": { "ignore_above": 1024, "type": "keyword" }, "duration": { "type": "float" }, "level": { "ignore_above": 1024, "type": "keyword" }, "message": { "norms": false, "type": "text" }, "query": { "ignore_above": 1024, "type": "keyword" }, "thread_id": { "type": "long" }, "timestamp": { "ignore_above": 1024, "type": "keyword" }, "timezone": { "ignore_above": 1024, "type": "keyword" }, "user": { "ignore_above": 1024, "type": "keyword" } } } } }, "prospector": { "properties": { "type": { "ignore_above": 1024, "type": "keyword" } } }, "read_timestamp": { "ignore_above": 1024, "type": "keyword" }, "redis": { "properties": { "log": { "properties": { "level": { "ignore_above": 1024, "type": "keyword" }, "message": { "norms": false, "type": "text" }, "pid": { "type": "long" }, "role": { "ignore_above": 1024, "type": "keyword" } } }, "slowlog": { "properties": { "args": { "ignore_above": 1024, "type": "keyword" }, "cmd": { "ignore_above": 1024, "type": "keyword" }, "duration": { "properties": { "us": { "type": "long" } } }, "id": { "type": "long" }, "key": { "ignore_above": 1024, "type": "keyword" } } } } }, "source": { "ignore_above": 1024, "type": "keyword" }, "stream": { "ignore_above": 1024, "type": "keyword" }, "system": { "properties": { "auth": { "properties": { "groupadd": { "properties": { "gid": { "type": "long" }, "name": { "ignore_above": 1024, "type": "keyword" } } }, "hostname": { "ignore_above": 1024, "type": "keyword" }, "message": { "ignore_above": 1024, "type": "keyword" }, "pid": { "type": "long" }, "program": { "ignore_above": 1024, "type": "keyword" }, "ssh": { "properties": { "dropped_ip": { "type": "ip" }, "event": { "ignore_above": 1024, "type": "keyword" }, "geoip": { "properties": { "city_name": { "ignore_above": 1024, "type": "keyword" }, "continent_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" } } }, "ip": { "type": "ip" }, "method": { "ignore_above": 1024, "type": "keyword" }, "port": { "type": "long" }, "signature": { "ignore_above": 1024, "type": "keyword" } } }, "sudo": { "properties": { "command": { "ignore_above": 1024, "type": "keyword" }, "error": { "ignore_above": 1024, "type": "keyword" }, "pwd": { "ignore_above": 1024, "type": "keyword" }, "tty": { "ignore_above": 1024, "type": "keyword" }, "user": { "ignore_above": 1024, "type": "keyword" } } }, "timestamp": { "ignore_above": 1024, "type": "keyword" }, "user": { "ignore_above": 1024, "type": "keyword" }, "useradd": { "properties": { "gid": { "type": "long" }, "home": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "shell": { "ignore_above": 1024, "type": "keyword" }, "uid": { "type": "long" } } } } }, "syslog": { "properties": { "hostname": { "ignore_above": 1024, "type": "keyword" }, "message": { "ignore_above": 1024, "type": "keyword" }, "pid": { "ignore_above": 1024, "type": "keyword" }, "program": { "ignore_above": 1024, "type": "keyword" }, "timestamp": { "ignore_above": 1024, "type": "keyword" } } } } }, "traefik": { "properties": { "access": { "properties": { "agent": { "norms": false, "type": "text" }, "backend_url": { "norms": false, "type": "text" }, "body_sent": { "properties": { "bytes": { "type": "long" } } }, "frontend_name": { "norms": false, "type": "text" }, "geoip": { "properties": { "city_name": { "ignore_above": 1024, "type": "keyword" }, "continent_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" } } }, "http_version": { "ignore_above": 1024, "type": "keyword" }, "method": { "ignore_above": 1024, "type": "keyword" }, "referrer": { "ignore_above": 1024, "type": "keyword" }, "remote_ip": { "ignore_above": 1024, "type": "keyword" }, "request_count": { "type": "long" }, "response_code": { "type": "long" }, "url": { "ignore_above": 1024, "type": "keyword" }, "user_agent": { "properties": { "device": { "ignore_above": 1024, "type": "keyword" }, "major": { "type": "long" }, "minor": { "type": "long" }, "name": { "ignore_above": 1024, "type": "keyword" }, "os": { "ignore_above": 1024, "type": "keyword" }, "os_major": { "type": "long" }, "os_minor": { "type": "long" }, "os_name": { "ignore_above": 1024, "type": "keyword" }, "patch": { "ignore_above": 1024, "type": "keyword" } } }, "user_name": { "ignore_above": 1024, "type": "keyword" } } } } } } } }, "order": 1, "settings": { "index": { "mapping": { "total_fields": { "limit": 10000 } }, "number_of_replicas": 0, "number_of_shards": 1, "refresh_interval": "30s" } } }