| { | |
| "template": "network-*", | |
| "settings": { | |
| "index": { | |
| "refresh_interval": "5s" | |
| } | |
| }, | |
| "mappings": { | |
| "network": { | |
| "dynamic_templates": [{ | |
| "message_field": { | |
| "mapping": { | |
| "index": "analyzed", | |
| "omit_norms": true, | |
| "fielddata": { | |
| "format": "disabled" | |
| }, | |
| "type": "string" | |
| }, | |
| "match_mapping_type": "string", | |
| "match": "message" | |
| } | |
| }, { | |
| "string_fields": { | |
| "mapping": { | |
| "index": "analyzed", | |
| "omit_norms": true, | |
| "fielddata": { | |
| "format": "disabled" | |
| }, | |
| "type": "string", | |
| "fields": { | |
| "raw": { | |
| "index": "not_analyzed", | |
| "ignore_above": 256, | |
| "type": "string" | |
| } | |
| } | |
| }, | |
| "match_mapping_type": "string", | |
| "match": "*" | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "orig_dst_ip": { | |
| "type": "ip" | |
| }, | |
| "orig_src_ip": { | |
| "type": "ip" | |
| }, | |
| "err_dst_ip": { | |
| "type": "ip" | |
| }, | |
| "err_src_ip": { | |
| "type": "ip" | |
| }, | |
| "dst_ip": { | |
| "type": "ip" | |
| }, | |
| "src_ip": { | |
| "type": "ip" | |
| }, | |
| "drop_rate_current_avg": { | |
| "type": "long" | |
| }, | |
| "drop_rate_current_burst": { | |
| "type": "long" | |
| }, | |
| "drop_rate_max_avg": { | |
| "type": "long" | |
| }, | |
| "drop_rate_max_burst": { | |
| "type": "long" | |
| }, | |
| "drop_total_count": { | |
| "type": "long" | |
| }, | |
| "connection_count": { | |
| "type": "long" | |
| }, | |
| "connection_count_max": { | |
| "type": "long" | |
| }, | |
| "@timestamp": { | |
| "type": "date" | |
| }, | |
| "location": { | |
| "type": "geo_point" | |
| }, | |
| "geoip": { | |
| "dynamic": true, | |
| "properties": { | |
| "location": { | |
| "type": "geo_point" | |
| }, | |
| "latitude": { | |
| "type": "float" | |
| }, | |
| "longitude": { | |
| "type": "float" | |
| } | |
| } | |
| }, | |
| "@version": { | |
| "index": "not_analyzed", | |
| "type": "string" | |
| } | |
| }, | |
| "_all": { | |
| "enabled": true, | |
| "omit_norms": true | |
| } | |
| } | |
| }, | |
| "aliases": {} | |
| } |
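Defines an index template that applies to every index matching the pattern network-*. It maps the GeoIP fields (including a geo_point location) and gives each string field a not_analyzed .raw sub-field for use in visualizations. The mapping uses the older Elasticsearch syntax (`string` type with `index: analyzed` / `not_analyzed`), so check it against the version you run before loading it.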