securityonion/salt/elasticsearch/templates/component/elastic-agent/logs-system.syslog@custom.json

{
  "template": {
    "mappings": {
      "properties": {
        "error": {
          "properties": {
            "message": {
              "type": "match_only_text"
            }
	  }
	},
	"host": {
	  "properties":{
            "ip": {
              "type": "ip"
            }
	  }
	},
	"related": {
          "properties":{
            "ip": {
              "type": "ip"
            }
          }
        },
	"destination": {
          "properties":{
            "ip": {
              "type": "ip"
            }
          }
        },
	"source": {
          "properties":{
            "ip": {
              "type": "ip"
            }
          }
        }
      }
    }
  },
  "_meta": {
    "package": {
      "name": "system"
    },
    "managed_by": "fleet",
    "managed": true
  }
}