securityonion/salt/elasticsearch/templates/component/elastic-agent/logs-osquery_manager.result@custom.json

{
  "template": {
    "mappings": {
      "dynamic_templates": [
        {
          "action_data.ecs_mapping": {
            "path_match": "action_data.ecs_mapping.*",
            "mapping": {
              "type": "keyword"
            },
            "match_mapping_type": "string"
          }
        }
      ],
      "properties": {
        "action_data": {
          "dynamic": true,
          "type": "object",
          "properties": {
            "ecs_mapping": {
              "dynamic": true,
              "type": "object"
            },
            "id": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "platform": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "query": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "saved_query_id": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "version": {
              "ignore_above": 1024,
              "type": "keyword"
            }
          }
        }
      }
    }
  }
}