{ "_meta": { "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html", "ecs_version": "1.12.2" }, "template": { "mappings": { "properties": { "checkpoint": { "properties": { "action_reason": { "type": "long" }, "action_reason_msg": { "ignore_above": 1024, "type": "keyword" }, "additional_info": { "ignore_above": 1024, "type": "keyword" }, "additional_ip": { "ignore_above": 1024, "type": "keyword" }, "additional_rdata": { "ignore_above": 1024, "type": "keyword" }, "alert": { "ignore_above": 1024, "type": "keyword" }, "allocated_ports": { "type": "long" }, "analyzed_on": { "ignore_above": 1024, "type": "keyword" }, "answer_rdata": { "ignore_above": 1024, "type": "keyword" }, "anti_virus_type": { "ignore_above": 1024, "type": "keyword" }, "app_desc": { "ignore_above": 1024, "type": "keyword" }, "app_id": { "type": "long" }, "app_package": { "ignore_above": 1024, "type": "keyword" }, "app_properties": { "ignore_above": 1024, "type": "keyword" }, "app_repackaged": { "ignore_above": 1024, "type": "keyword" }, "app_risk": { "ignore_above": 1024, "type": "keyword" }, "app_severity": { "ignore_above": 1024, "type": "keyword" }, "app_sid_id": { "ignore_above": 1024, "type": "keyword" }, "app_sig_id": { "ignore_above": 1024, "type": "keyword" }, "app_version": { "ignore_above": 1024, "type": "keyword" }, "appi_name": { "ignore_above": 1024, "type": "keyword" }, "arrival_time": { "ignore_above": 1024, "type": "keyword" }, "attachments_num": { "type": "long" }, "attack_status": { "ignore_above": 1024, "type": "keyword" }, "audit_status": { "ignore_above": 1024, "type": "keyword" }, "auth_method": { "ignore_above": 1024, "type": "keyword" }, "authority_rdata": { "ignore_above": 1024, "type": "keyword" }, "authorization": { "ignore_above": 1024, "type": "keyword" }, "bcc": { "ignore_above": 1024, "type": "keyword" }, "blade_name": { "ignore_above": 1024, "type": "keyword" }, "broker_publisher": { "type": "ip" }, "browse_time": { "ignore_above": 1024, "type": "keyword" }, "c_bytes": { "type": "long" }, "calc_desc": { "ignore_above": 1024, "type": "keyword" }, "capacity": { "type": "long" }, "capture_uuid": { "ignore_above": 1024, "type": "keyword" }, "category": { "ignore_above": 1024, "type": "keyword" }, "cc": { "ignore_above": 1024, "type": "keyword" }, "certificate_resource": { "ignore_above": 1024, "type": "keyword" }, "certificate_validation": { "ignore_above": 1024, "type": "keyword" }, "cgnet": { "ignore_above": 1024, "type": "keyword" }, "chunk_type": { "ignore_above": 1024, "type": "keyword" }, "client_name": { "ignore_above": 1024, "type": "keyword" }, "client_type": { "ignore_above": 1024, "type": "keyword" }, "client_type_os": { "ignore_above": 1024, "type": "keyword" }, "client_version": { "ignore_above": 1024, "type": "keyword" }, "cluster_info": { "ignore_above": 1024, "type": "keyword" }, "community": { "ignore_above": 1024, "type": "keyword" }, "confidence_level": { "type": "long" }, "connection_uid": { "ignore_above": 1024, "type": "keyword" }, "connectivity_level": { "ignore_above": 1024, "type": "keyword" }, "connectivity_state": { "ignore_above": 1024, "type": "keyword" }, "conns_amount": { "type": "long" }, "content_disposition": { "ignore_above": 1024, "type": "keyword" }, "content_length": { "ignore_above": 1024, "type": "keyword" }, "content_risk": { "type": "long" }, "content_type": { "ignore_above": 1024, "type": "keyword" }, "context_num": { "type": "long" }, "cookie": { "ignore_above": 1024, "type": "keyword" }, "cookieI": { "ignore_above": 1024, "type": "keyword" }, "cookieR": { "ignore_above": 1024, "type": "keyword" }, "cp_message": { "type": "long" }, "cvpn_category": { "ignore_above": 1024, "type": "keyword" }, "cvpn_resource": { "ignore_above": 1024, "type": "keyword" }, "data_type_name": { "ignore_above": 1024, "type": "keyword" }, "dce-rpc_interface_uuid": { "ignore_above": 1024, "type": "keyword" }, "delivery_time": { "ignore_above": 1024, "type": "keyword" }, "desc": { "ignore_above": 1024, "type": "keyword" }, "description": { "ignore_above": 1024, "type": "keyword" }, "destination_object": { "ignore_above": 1024, "type": "keyword" }, "detected_on": { "ignore_above": 1024, "type": "keyword" }, "developer_certificate_name": { "ignore_above": 1024, "type": "keyword" }, "diameter_app_ID": { "type": "long" }, "diameter_cmd_code": { "type": "long" }, "diameter_msg_type": { "ignore_above": 1024, "type": "keyword" }, "dlp_action_reason": { "ignore_above": 1024, "type": "keyword" }, "dlp_additional_action": { "ignore_above": 1024, "type": "keyword" }, "dlp_categories": { "ignore_above": 1024, "type": "keyword" }, "dlp_data_type_name": { "ignore_above": 1024, "type": "keyword" }, "dlp_data_type_uid": { "ignore_above": 1024, "type": "keyword" }, "dlp_fingerprint_files_number": { "type": "long" }, "dlp_fingerprint_long_status": { "ignore_above": 1024, "type": "keyword" }, "dlp_fingerprint_short_status": { "ignore_above": 1024, "type": "keyword" }, "dlp_incident_uid": { "ignore_above": 1024, "type": "keyword" }, "dlp_recipients": { "ignore_above": 1024, "type": "keyword" }, "dlp_related_incident_uid": { "ignore_above": 1024, "type": "keyword" }, "dlp_relevant_data_types": { "ignore_above": 1024, "type": "keyword" }, "dlp_repository_directories_number": { "type": "long" }, "dlp_repository_files_number": { "type": "long" }, "dlp_repository_id": { "ignore_above": 1024, "type": "keyword" }, "dlp_repository_not_scanned_directories_percentage": { "type": "long" }, "dlp_repository_reached_directories_number": { "type": "long" }, "dlp_repository_root_path": { "ignore_above": 1024, "type": "keyword" }, "dlp_repository_scan_progress": { "type": "long" }, "dlp_repository_scanned_directories_number": { "type": "long" }, "dlp_repository_scanned_files_number": { "type": "long" }, "dlp_repository_scanned_total_size": { "type": "long" }, "dlp_repository_skipped_files_number": { "type": "long" }, "dlp_repository_total_size": { "type": "long" }, "dlp_repository_unreachable_directories_number": { "type": "long" }, "dlp_rule_name": { "ignore_above": 1024, "type": "keyword" }, "dlp_subject": { "ignore_above": 1024, "type": "keyword" }, "dlp_template_score": { "ignore_above": 1024, "type": "keyword" }, "dlp_transint": { "ignore_above": 1024, "type": "keyword" }, "dlp_violation_description": { "ignore_above": 1024, "type": "keyword" }, "dlp_watermark_profile": { "ignore_above": 1024, "type": "keyword" }, "dlp_word_list": { "ignore_above": 1024, "type": "keyword" }, "dns_query": { "ignore_above": 1024, "type": "keyword" }, "drop_reason": { "ignore_above": 1024, "type": "keyword" }, "dropped_file_hash": { "ignore_above": 1024, "type": "keyword" }, "dropped_file_name": { "ignore_above": 1024, "type": "keyword" }, "dropped_file_type": { "ignore_above": 1024, "type": "keyword" }, "dropped_file_verdict": { "ignore_above": 1024, "type": "keyword" }, "dropped_incoming": { "type": "long" }, "dropped_outgoing": { "type": "long" }, "dropped_total": { "type": "long" }, "drops_amount": { "type": "long" }, "dst_country": { "ignore_above": 1024, "type": "keyword" }, "dst_phone_number": { "ignore_above": 1024, "type": "keyword" }, "dst_user_name": { "ignore_above": 1024, "type": "keyword" }, "dstkeyid": { "ignore_above": 1024, "type": "keyword" }, "duplicate": { "ignore_above": 1024, "type": "keyword" }, "duration": { "ignore_above": 1024, "type": "keyword" }, "elapsed": { "ignore_above": 1024, "type": "keyword" }, "email_content": { "ignore_above": 1024, "type": "keyword" }, "email_control": { "ignore_above": 1024, "type": "keyword" }, "email_control_analysis": { "ignore_above": 1024, "type": "keyword" }, "email_headers": { "ignore_above": 1024, "type": "keyword" }, "email_id": { "ignore_above": 1024, "type": "keyword" }, "email_message_id": { "ignore_above": 1024, "type": "keyword" }, "email_queue_id": { "ignore_above": 1024, "type": "keyword" }, "email_queue_name": { "ignore_above": 1024, "type": "keyword" }, "email_recipients_num": { "type": "long" }, "email_session_id": { "ignore_above": 1024, "type": "keyword" }, "email_spam_category": { "ignore_above": 1024, "type": "keyword" }, "email_spool_id": { "ignore_above": 1024, "type": "keyword" }, "email_status": { "ignore_above": 1024, "type": "keyword" }, "email_subject": { "ignore_above": 1024, "type": "keyword" }, "emulated_on": { "ignore_above": 1024, "type": "keyword" }, "encryption_failure": { "ignore_above": 1024, "type": "keyword" }, "end_time": { "ignore_above": 1024, "type": "keyword" }, "end_user_firewall_type": { "ignore_above": 1024, "type": "keyword" }, "esod_access_status": { "ignore_above": 1024, "type": "keyword" }, "esod_associated_policies": { "ignore_above": 1024, "type": "keyword" }, "esod_noncompliance_reason": { "ignore_above": 1024, "type": "keyword" }, "esod_rule_action": { "ignore_above": 1024, "type": "keyword" }, "esod_rule_name": { "ignore_above": 1024, "type": "keyword" }, "esod_rule_type": { "ignore_above": 1024, "type": "keyword" }, "esod_scan_status": { "ignore_above": 1024, "type": "keyword" }, "event_count": { "type": "long" }, "expire_time": { "ignore_above": 1024, "type": "keyword" }, "extension_version": { "ignore_above": 1024, "type": "keyword" }, "extracted_file_hash": { "ignore_above": 1024, "type": "keyword" }, "extracted_file_names": { "ignore_above": 1024, "type": "keyword" }, "extracted_file_type": { "ignore_above": 1024, "type": "keyword" }, "extracted_file_uid": { "ignore_above": 1024, "type": "keyword" }, "extracted_file_verdict": { "ignore_above": 1024, "type": "keyword" }, "failure_impact": { "ignore_above": 1024, "type": "keyword" }, "failure_reason": { "ignore_above": 1024, "type": "keyword" }, "file_direction": { "ignore_above": 1024, "type": "keyword" }, "file_name": { "ignore_above": 1024, "type": "keyword" }, "files_names": { "ignore_above": 1024, "type": "keyword" }, "first_hit_time": { "type": "long" }, "frequency": { "ignore_above": 1024, "type": "keyword" }, "fs-proto": { "ignore_above": 1024, "type": "keyword" }, "ftp_user": { "ignore_above": 1024, "type": "keyword" }, "fw_message": { "ignore_above": 1024, "type": "keyword" }, "fw_subproduct": { "ignore_above": 1024, "type": "keyword" }, "hide_ip": { "type": "ip" }, "hit": { "type": "long" }, "host_time": { "ignore_above": 1024, "type": "keyword" }, "http_host": { "ignore_above": 1024, "type": "keyword" }, "http_location": { "ignore_above": 1024, "type": "keyword" }, "http_server": { "ignore_above": 1024, "type": "keyword" }, "https_inspection_action": { "ignore_above": 1024, "type": "keyword" }, "https_inspection_rule_id": { "ignore_above": 1024, "type": "keyword" }, "https_inspection_rule_name": { "ignore_above": 1024, "type": "keyword" }, "https_validation": { "ignore_above": 1024, "type": "keyword" }, "icap_more_info": { "type": "long" }, "icap_server_name": { "ignore_above": 1024, "type": "keyword" }, "icap_server_service": { "ignore_above": 1024, "type": "keyword" }, "icap_service_id": { "type": "long" }, "icmp": { "ignore_above": 1024, "type": "keyword" }, "icmp_code": { "type": "long" }, "icmp_type": { "type": "long" }, "id": { "type": "long" }, "identity_type": { "ignore_above": 1024, "type": "keyword" }, "ike": { "ignore_above": 1024, "type": "keyword" }, "ike_ids": { "ignore_above": 1024, "type": "keyword" }, "impacted_files": { "ignore_above": 1024, "type": "keyword" }, "incident_extension": { "ignore_above": 1024, "type": "keyword" }, "indicator_description": { "ignore_above": 1024, "type": "keyword" }, "indicator_name": { "ignore_above": 1024, "type": "keyword" }, "indicator_reference": { "ignore_above": 1024, "type": "keyword" }, "indicator_uuid": { "ignore_above": 1024, "type": "keyword" }, "info": { "ignore_above": 1024, "type": "keyword" }, "information": { "ignore_above": 1024, "type": "keyword" }, "inspection_category": { "ignore_above": 1024, "type": "keyword" }, "inspection_item": { "ignore_above": 1024, "type": "keyword" }, "inspection_profile": { "ignore_above": 1024, "type": "keyword" }, "inspection_settings_log": { "ignore_above": 1024, "type": "keyword" }, "installed_products": { "ignore_above": 1024, "type": "keyword" }, "int_end": { "type": "long" }, "int_start": { "type": "long" }, "integrity_av_invoke_type": { "ignore_above": 1024, "type": "keyword" }, "interface_name": { "ignore_above": 1024, "type": "keyword" }, "internal_error": { "ignore_above": 1024, "type": "keyword" }, "invalid_file_size": { "type": "long" }, "ip_option": { "type": "long" }, "isp_link": { "ignore_above": 1024, "type": "keyword" }, "last_hit_time": { "type": "long" }, "last_rematch_time": { "ignore_above": 1024, "type": "keyword" }, "layer_name": { "ignore_above": 1024, "type": "keyword" }, "layer_uuid": { "ignore_above": 1024, "type": "keyword" }, "limit_applied": { "type": "long" }, "limit_requested": { "type": "long" }, "link_probing_status_update": { "ignore_above": 1024, "type": "keyword" }, "links_num": { "type": "long" }, "log_delay": { "type": "long" }, "log_id": { "type": "long" }, "logid": { "ignore_above": 1024, "type": "keyword" }, "long_desc": { "ignore_above": 1024, "type": "keyword" }, "machine": { "ignore_above": 1024, "type": "keyword" }, "malware_family": { "ignore_above": 1024, "type": "keyword" }, "match_fk": { "type": "long" }, "match_id": { "type": "long" }, "matched_file": { "ignore_above": 1024, "type": "keyword" }, "matched_file_percentage": { "type": "long" }, "matched_file_text_segments": { "type": "long" }, "media_type": { "ignore_above": 1024, "type": "keyword" }, "message": { "ignore_above": 1024, "type": "keyword" }, "message_info": { "ignore_above": 1024, "type": "keyword" }, "message_size": { "type": "long" }, "method": { "ignore_above": 1024, "type": "keyword" }, "methods": { "ignore_above": 1024, "type": "keyword" }, "mime_from": { "ignore_above": 1024, "type": "keyword" }, "mime_to": { "ignore_above": 1024, "type": "keyword" }, "mirror_and_decrypt_type": { "ignore_above": 1024, "type": "keyword" }, "mitre_collection": { "ignore_above": 1024, "type": "keyword" }, "mitre_command_and_control": { "ignore_above": 1024, "type": "keyword" }, "mitre_credential_access": { "ignore_above": 1024, "type": "keyword" }, "mitre_defense_evasion": { "ignore_above": 1024, "type": "keyword" }, "mitre_discovery": { "ignore_above": 1024, "type": "keyword" }, "mitre_execution": { "ignore_above": 1024, "type": "keyword" }, "mitre_exfiltration": { "ignore_above": 1024, "type": "keyword" }, "mitre_impact": { "ignore_above": 1024, "type": "keyword" }, "mitre_initial_access": { "ignore_above": 1024, "type": "keyword" }, "mitre_lateral_movement": { "ignore_above": 1024, "type": "keyword" }, "mitre_persistence": { "ignore_above": 1024, "type": "keyword" }, "mitre_privilege_escalation": { "ignore_above": 1024, "type": "keyword" }, "monitor_reason": { "ignore_above": 1024, "type": "keyword" }, "msgid": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "nat46": { "ignore_above": 1024, "type": "keyword" }, "nat_addtnl_rulenum": { "type": "long" }, "nat_exhausted_pool": { "ignore_above": 1024, "type": "keyword" }, "nat_rulenum": { "type": "long" }, "needs_browse_time": { "type": "long" }, "next_hop_ip": { "ignore_above": 1024, "type": "keyword" }, "next_scheduled_scan_date": { "ignore_above": 1024, "type": "keyword" }, "number_of_errors": { "type": "long" }, "objecttable": { "ignore_above": 1024, "type": "keyword" }, "objecttype": { "ignore_above": 1024, "type": "keyword" }, "observable_comment": { "ignore_above": 1024, "type": "keyword" }, "observable_id": { "ignore_above": 1024, "type": "keyword" }, "observable_name": { "ignore_above": 1024, "type": "keyword" }, "operation": { "ignore_above": 1024, "type": "keyword" }, "operation_number": { "ignore_above": 1024, "type": "keyword" }, "origin_sic_name": { "ignore_above": 1024, "type": "keyword" }, "original_queue_id": { "ignore_above": 1024, "type": "keyword" }, "outgoing_url": { "ignore_above": 1024, "type": "keyword" }, "packet_amount": { "type": "long" }, "packet_capture_unique_id": { "ignore_above": 1024, "type": "keyword" }, "parent_file_hash": { "ignore_above": 1024, "type": "keyword" }, "parent_file_name": { "ignore_above": 1024, "type": "keyword" }, "parent_file_uid": { "ignore_above": 1024, "type": "keyword" }, "parent_process_username": { "ignore_above": 1024, "type": "keyword" }, "parent_rule": { "type": "long" }, "peer_gateway": { "type": "ip" }, "peer_ip": { "ignore_above": 1024, "type": "keyword" }, "peer_ip_probing_status_update": { "ignore_above": 1024, "type": "keyword" }, "performance_impact": { "type": "long" }, "policy_mgmt": { "ignore_above": 1024, "type": "keyword" }, "policy_name": { "ignore_above": 1024, "type": "keyword" }, "ports_usage": { "type": "long" }, "ppp": { "ignore_above": 1024, "type": "keyword" }, "precise_error": { "ignore_above": 1024, "type": "keyword" }, "process_username": { "ignore_above": 1024, "type": "keyword" }, "properties": { "ignore_above": 1024, "type": "keyword" }, "protection_id": { "ignore_above": 1024, "type": "keyword" }, "protection_name": { "ignore_above": 1024, "type": "keyword" }, "protection_type": { "ignore_above": 1024, "type": "keyword" }, "protocol": { "ignore_above": 1024, "type": "keyword" }, "proxy_machine_name": { "type": "long" }, "proxy_src_ip": { "type": "ip" }, "proxy_user_dn": { "ignore_above": 1024, "type": "keyword" }, "proxy_user_name": { "ignore_above": 1024, "type": "keyword" }, "query": { "ignore_above": 1024, "type": "keyword" }, "question_rdata": { "ignore_above": 1024, "type": "keyword" }, "referrer": { "ignore_above": 1024, "type": "keyword" }, "referrer_parent_uid": { "ignore_above": 1024, "type": "keyword" }, "referrer_self_uid": { "ignore_above": 1024, "type": "keyword" }, "registered_ip-phones": { "ignore_above": 1024, "type": "keyword" }, "reject_category": { "ignore_above": 1024, "type": "keyword" }, "reject_id": { "ignore_above": 1024, "type": "keyword" }, "rematch_info": { "ignore_above": 1024, "type": "keyword" }, "remediated_files": { "ignore_above": 1024, "type": "keyword" }, "reply_status": { "type": "long" }, "risk": { "ignore_above": 1024, "type": "keyword" }, "rpc_prog": { "type": "long" }, "rule": { "type": "long" }, "rule_action": { "ignore_above": 1024, "type": "keyword" }, "rulebase_id": { "type": "long" }, "scan_direction": { "ignore_above": 1024, "type": "keyword" }, "scan_hosts_day": { "type": "long" }, "scan_hosts_hour": { "type": "long" }, "scan_hosts_week": { "type": "long" }, "scan_id": { "ignore_above": 1024, "type": "keyword" }, "scan_mail": { "type": "long" }, "scan_result": { "ignore_above": 1024, "type": "keyword" }, "scan_results": { "ignore_above": 1024, "type": "keyword" }, "scheme": { "ignore_above": 1024, "type": "keyword" }, "scope": { "ignore_above": 1024, "type": "keyword" }, "scrub_activity": { "ignore_above": 1024, "type": "keyword" }, "scrub_download_time": { "ignore_above": 1024, "type": "keyword" }, "scrub_time": { "ignore_above": 1024, "type": "keyword" }, "scrub_total_time": { "ignore_above": 1024, "type": "keyword" }, "scrubbed_content": { "ignore_above": 1024, "type": "keyword" }, "sctp_association_state": { "ignore_above": 1024, "type": "keyword" }, "sctp_error": { "ignore_above": 1024, "type": "keyword" }, "scv_message_info": { "ignore_above": 1024, "type": "keyword" }, "scv_user": { "ignore_above": 1024, "type": "keyword" }, "securexl_message": { "ignore_above": 1024, "type": "keyword" }, "sensor_mode": { "ignore_above": 1024, "type": "keyword" }, "session_id": { "ignore_above": 1024, "type": "keyword" }, "session_uid": { "ignore_above": 1024, "type": "keyword" }, "severity": { "ignore_above": 1024, "type": "keyword" }, "short_desc": { "ignore_above": 1024, "type": "keyword" }, "sig_id": { "ignore_above": 1024, "type": "keyword" }, "similar_communication": { "ignore_above": 1024, "type": "keyword" }, "similar_hashes": { "ignore_above": 1024, "type": "keyword" }, "similar_strings": { "ignore_above": 1024, "type": "keyword" }, "similiar_iocs": { "ignore_above": 1024, "type": "keyword" }, "sip_reason": { "ignore_above": 1024, "type": "keyword" }, "site_name": { "ignore_above": 1024, "type": "keyword" }, "source_interface": { "ignore_above": 1024, "type": "keyword" }, "source_object": { "ignore_above": 1024, "type": "keyword" }, "source_os": { "ignore_above": 1024, "type": "keyword" }, "special_properties": { "type": "long" }, "specific_data_type_name": { "ignore_above": 1024, "type": "keyword" }, "speed": { "type": "long" }, "spyware_name": { "ignore_above": 1024, "type": "keyword" }, "spyware_status": { "ignore_above": 1024, "type": "keyword" }, "spyware_type": { "ignore_above": 1024, "type": "keyword" }, "src_country": { "ignore_above": 1024, "type": "keyword" }, "src_phone_number": { "ignore_above": 1024, "type": "keyword" }, "src_user_dn": { "ignore_above": 1024, "type": "keyword" }, "src_user_name": { "ignore_above": 1024, "type": "keyword" }, "srckeyid": { "ignore_above": 1024, "type": "keyword" }, "status": { "ignore_above": 1024, "type": "keyword" }, "status_update": { "ignore_above": 1024, "type": "keyword" }, "sub_policy_name": { "ignore_above": 1024, "type": "keyword" }, "sub_policy_uid": { "ignore_above": 1024, "type": "keyword" }, "subs_exp": { "type": "date" }, "subscriber": { "type": "ip" }, "summary": { "ignore_above": 1024, "type": "keyword" }, "suppressed_logs": { "type": "long" }, "sync": { "ignore_above": 1024, "type": "keyword" }, "sys_message": { "ignore_above": 1024, "type": "keyword" }, "tcp_end_reason": { "ignore_above": 1024, "type": "keyword" }, "tcp_flags": { "ignore_above": 1024, "type": "keyword" }, "tcp_packet_out_of_state": { "ignore_above": 1024, "type": "keyword" }, "tcp_state": { "ignore_above": 1024, "type": "keyword" }, "te_verdict_determined_by": { "ignore_above": 1024, "type": "keyword" }, "termination_reason": { "ignore_above": 1024, "type": "keyword" }, "ticket_id": { "ignore_above": 1024, "type": "keyword" }, "tls_server_host_name": { "ignore_above": 1024, "type": "keyword" }, "top_archive_file_name": { "ignore_above": 1024, "type": "keyword" }, "total_attachments": { "type": "long" }, "triggered_by": { "ignore_above": 1024, "type": "keyword" }, "trusted_domain": { "ignore_above": 1024, "type": "keyword" }, "unique_detected_day": { "type": "long" }, "unique_detected_hour": { "type": "long" }, "unique_detected_week": { "type": "long" }, "update_status": { "ignore_above": 1024, "type": "keyword" }, "url": { "ignore_above": 1024, "type": "keyword" }, "user": { "ignore_above": 1024, "type": "keyword" }, "user_agent": { "ignore_above": 1024, "type": "keyword" }, "user_status": { "ignore_above": 1024, "type": "keyword" }, "uuid": { "ignore_above": 1024, "type": "keyword" }, "vendor_list": { "ignore_above": 1024, "type": "keyword" }, "verdict": { "ignore_above": 1024, "type": "keyword" }, "via": { "ignore_above": 1024, "type": "keyword" }, "virus_name": { "ignore_above": 1024, "type": "keyword" }, "voip_attach_action_info": { "ignore_above": 1024, "type": "keyword" }, "voip_attach_sz": { "type": "long" }, "voip_call_dir": { "ignore_above": 1024, "type": "keyword" }, "voip_call_id": { "ignore_above": 1024, "type": "keyword" }, "voip_call_state": { "ignore_above": 1024, "type": "keyword" }, "voip_call_term_time": { "ignore_above": 1024, "type": "keyword" }, "voip_config": { "ignore_above": 1024, "type": "keyword" }, "voip_duration": { "ignore_above": 1024, "type": "keyword" }, "voip_est_codec": { "ignore_above": 1024, "type": "keyword" }, "voip_exp": { "type": "long" }, "voip_from_user_type": { "ignore_above": 1024, "type": "keyword" }, "voip_log_type": { "ignore_above": 1024, "type": "keyword" }, "voip_media_codec": { "ignore_above": 1024, "type": "keyword" }, "voip_media_ipp": { "ignore_above": 1024, "type": "keyword" }, "voip_media_port": { "ignore_above": 1024, "type": "keyword" }, "voip_method": { "ignore_above": 1024, "type": "keyword" }, "voip_reason_info": { "ignore_above": 1024, "type": "keyword" }, "voip_reg_int": { "type": "long" }, "voip_reg_ipp": { "type": "long" }, "voip_reg_period": { "type": "long" }, "voip_reg_server": { "type": "ip" }, "voip_reg_user_type": { "ignore_above": 1024, "type": "keyword" }, "voip_reject_reason": { "ignore_above": 1024, "type": "keyword" }, "voip_to_user_type": { "ignore_above": 1024, "type": "keyword" }, "vpn_feature_name": { "ignore_above": 1024, "type": "keyword" }, "watermark": { "ignore_above": 1024, "type": "keyword" }, "web_server_type": { "ignore_above": 1024, "type": "keyword" }, "word_list": { "ignore_above": 1024, "type": "keyword" } } } } } } }