10 files changed +929 -640 lines changed
package/endpoint/elasticsearch
1+ {
2+ "index_patterns" : [
3+ " metrics-endpoint.metadata_current_*"
4+ ],
5+ "priority" : 200 ,
6+ "template" : {
7+ "mappings" : {
8+ "dynamic" : " false" ,
9+ "_meta" : {},
10+ "dynamic_templates" : [
11+ {
12+ "strings_as_keyword" : {
13+ "match_mapping_type" : " string" ,
14+ "mapping" : {
15+ "ignore_above" : 1024 ,
16+ "type" : " keyword"
17+ }
18+ }
19+ }
20+ ],
21+ "date_detection" : false ,
22+ "properties" : {
23+ "@timestamp" : {
24+ "type" : " date"
25+ },
26+ "updated_at" : {
27+ "type" : " alias" ,
28+ "path" : " event.ingested"
29+ },
30+ "Endpoint" : {
31+ "properties" : {
32+ "configuration" : {
33+ "properties" : {
34+ "isolation" : {
35+ "type" : " boolean" ,
36+ "null_value" : false
37+ }
38+ }
39+ },
40+ "policy" : {
41+ "properties" : {
42+ "applied" : {
43+ "properties" : {
44+ "id" : {
45+ "type" : " keyword" ,
46+ "ignore_above" : 1024
47+ },
48+ "name" : {
49+ "type" : " keyword" ,
50+ "ignore_above" : 1024
51+ },
52+ "status" : {
53+ "type" : " keyword" ,
54+ "ignore_above" : 1024
55+ }
56+ }
57+ }
58+ }
59+ },
60+ "state" : {
61+ "properties" : {
62+ "isolation" : {
63+ "type" : " boolean" ,
64+ "null_value" : false
65+ }
66+ }
67+ },
68+ "status" : {
69+ "type" : " keyword" ,
70+ "ignore_above" : 1024
71+ },
72+ "capabilities" : {
73+ "type" : " keyword" ,
74+ "ignore_above" : 128 ,
75+ "doc_values" : false
76+ }
77+ }
78+ },
79+ "agent" : {
80+ "properties" : {
81+ "id" : {
82+ "type" : " keyword" ,
83+ "ignore_above" : 1024
84+ },
85+ "name" : {
86+ "type" : " keyword" ,
87+ "ignore_above" : 1024
88+ },
89+ "type" : {
90+ "type" : " keyword" ,
91+ "ignore_above" : 1024
92+ },
93+ "version" : {
94+ "type" : " keyword" ,
95+ "ignore_above" : 1024
96+ }
97+ }
98+ },
99+ "data_stream" : {
100+ "properties" : {
101+ "dataset" : {
102+ "type" : " constant_keyword" ,
103+ "value" : " endpoint.metadata"
104+ },
105+ "namespace" : {
106+ "type" : " keyword"
107+ },
108+ "type" : {
109+ "type" : " constant_keyword" ,
110+ "value" : " metrics"
111+ }
112+ }
113+ },
114+ "ecs" : {
115+ "properties" : {
116+ "version" : {
117+ "type" : " keyword" ,
118+ "ignore_above" : 1024
119+ }
120+ }
121+ },
122+ "elastic" : {
123+ "properties" : {
124+ "agent" : {
125+ "properties" : {
126+ "id" : {
127+ "type" : " keyword" ,
128+ "ignore_above" : 1024
129+ }
130+ }
131+ }
132+ }
133+ },
134+ "event" : {
135+ "properties" : {
136+ "action" : {
137+ "ignore_above" : 1024 ,
138+ "type" : " keyword"
139+ },
140+ "category" : {
141+ "ignore_above" : 1024 ,
142+ "type" : " keyword"
143+ },
144+ "code" : {
145+ "ignore_above" : 1024 ,
146+ "type" : " keyword"
147+ },
148+ "created" : {
149+ "type" : " date"
150+ },
151+ "dataset" : {
152+ "ignore_above" : 1024 ,
153+ "type" : " keyword"
154+ },
155+ "hash" : {
156+ "ignore_above" : 1024 ,
157+ "type" : " keyword"
158+ },
159+ "id" : {
160+ "ignore_above" : 1024 ,
161+ "type" : " keyword"
162+ },
163+ "ingested" : {
164+ "type" : " date"
165+ },
166+ "kind" : {
167+ "ignore_above" : 1024 ,
168+ "type" : " keyword"
169+ },
170+ "module" : {
171+ "ignore_above" : 1024 ,
172+ "type" : " keyword"
173+ },
174+ "outcome" : {
175+ "ignore_above" : 1024 ,
176+ "type" : " keyword"
177+ },
178+ "provider" : {
179+ "ignore_above" : 1024 ,
180+ "type" : " keyword"
181+ },
182+ "sequence" : {
183+ "type" : " long"
184+ },
185+ "severity" : {
186+ "type" : " long"
187+ },
188+ "type" : {
189+ "ignore_above" : 1024 ,
190+ "type" : " keyword"
191+ }
192+ }
193+ },
194+ "host" : {
195+ "properties" : {
196+ "architecture" : {
197+ "ignore_above" : 1024 ,
198+ "type" : " keyword"
199+ },
200+ "domain" : {
201+ "ignore_above" : 1024 ,
202+ "type" : " keyword"
203+ },
204+ "hostname" : {
205+ "ignore_above" : 1024 ,
206+ "type" : " keyword"
207+ },
208+ "id" : {
209+ "ignore_above" : 1024 ,
210+ "type" : " keyword"
211+ },
212+ "ip" : {
213+ "type" : " ip"
214+ },
215+ "mac" : {
216+ "ignore_above" : 1024 ,
217+ "type" : " keyword"
218+ },
219+ "name" : {
220+ "ignore_above" : 1024 ,
221+ "type" : " keyword"
222+ },
223+ "os" : {
224+ "properties" : {
225+ "Ext" : {
226+ "properties" : {
227+ "variant" : {
228+ "ignore_above" : 1024 ,
229+ "type" : " keyword"
230+ }
231+ }
232+ },
233+ "family" : {
234+ "ignore_above" : 1024 ,
235+ "type" : " keyword"
236+ },
237+ "full" : {
238+ "fields" : {
239+ "caseless" : {
240+ "ignore_above" : 1024 ,
241+ "normalizer" : " lowercase" ,
242+ "type" : " keyword"
243+ },
244+ "text" : {
245+ "norms" : false ,
246+ "type" : " text"
247+ }
248+ },
249+ "ignore_above" : 1024 ,
250+ "type" : " keyword"
251+ },
252+ "kernel" : {
253+ "ignore_above" : 1024 ,
254+ "type" : " keyword"
255+ },
256+ "name" : {
257+ "fields" : {
258+ "caseless" : {
259+ "ignore_above" : 1024 ,
260+ "normalizer" : " lowercase" ,
261+ "type" : " keyword"
262+ },
263+ "text" : {
264+ "norms" : false ,
265+ "type" : " text"
266+ }
267+ },
268+ "ignore_above" : 1024 ,
269+ "type" : " keyword"
270+ },
271+ "platform" : {
272+ "ignore_above" : 1024 ,
273+ "type" : " keyword"
274+ },
275+ "version" : {
276+ "ignore_above" : 1024 ,
277+ "type" : " keyword"
278+ }
279+ }
280+ },
281+ "type" : {
282+ "ignore_above" : 1024 ,
283+ "type" : " keyword"
284+ },
285+ "uptime" : {
286+ "type" : " long"
287+ }
288+ }
289+ }
290+ }
291+ },
292+ "settings" : {
293+ "index" : {
294+ "codec" : " best_compression" ,
295+ "refresh_interval" : " 5s" ,
296+ "number_of_shards" : " 1" ,
297+ "number_of_routing_shards" : " 30" ,
298+ "sort.field" : [
299+ " @timestamp" ,
300+ " agent.id"
301+ ],
302+ "sort.order" : [
303+ " desc" ,
304+ " asc"
305+ ]
306+ }
307+ },
308+ "aliases" : {}
309+ }
310+ }
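Review bot: The `dynamic_templates` entry `strings_as_keyword` (file lines 10–20) looks inert, because the root mapping sets `"dynamic": "false"` on file line 8 and no object under `properties` re-enables dynamic mapping, so no field is ever added dynamically for the template to match. With this setting any field a document carries that is not listed here is kept in `_source` but is not searchable or aggregatable, so a query or aggregation on it returns nothing rather than an error, which matters for host-inventory and isolation-state queries built on this index. Either drop the `dynamic_templates` block or record the intent in the currently empty `_meta`, for example `"_meta": { "description": "closed field list; unmapped fields are kept in _source only" }`. If the leading spaces inside the string values (`" false"`, `" keyword"`, `" event.ingested"`) are in the committed file and not an artefact of how this page renders, they need to be removed, since the type names and the alias path would not resolve.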