Skip to content

Instantly share code, notes, and snippets.

@grigorescu

grigorescu/template_bro_logs.json

Created November 5, 2013 03:52
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save grigorescu/7313599 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save grigorescu/7313599 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
template_bro_logs.json
{
"bro_logs": {
"template": "bro-*",
"settings": {
"number_of_shards": 4,
"number_of_replicas": 0,
"index.cache.field.type": "soft",
"index.refresh_interval": "30s",
"index.analysis": {
"analyzer": {
"HostnameAnalyzer": {
"type": "custom",
"tokenizer": "ReverseDotPath"
}
},
"tokenizer": {
"ReverseDotPath": {
"type": "path_hierarchy",
"delimiter": ".",
"reverse": "true",
"skip": 1
}
}
}
},
"mappings": {
"_default_": {
"_all": {"enabled": false}
},
"capture_loss": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"ts_delta": {"type": "float", "index": "no"},
"peer": {"type": "string", "index": "not_analyzed"},
"gaps": {"type": "long", "index": "not_analyzed"},
"acks": {"type": "long", "index": "not_analyzed"},
"percent_lost": {"type": "string", "index": "no"}
}
},
"cluster": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"message": {"type": "float", "index": "no"}
}
},
"communication": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"peer": {"type": "string", "index": "not_analyzed"},
"src_name": {"type": "string", "index": "not_analyzed"},
"connected_peer_desc": {"type": "string", "index": "not_analyzed"},
"connected_peer_addr": {"type": "string", "index": "not_analyzed"},
"connected_peer_port": {"type": "integer", "index": "not_analyzed"},
"level": {"type": "string", "index": "not_analyzed"},
"message": {"type": "string", "analyzer": "whitespace"}
}
},
"conn": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"proto": {"type": "string", "index": "not_analyzed"},
"service": {"type": "string", "index": "not_analyzed"},
"duration": {"type": "double", "index": "not_analyzed"},
"orig_bytes": {"type": "long", "index": "not_analyzed"},
"resp_bytes": {"type": "long", "index": "not_analyzed"},
"conn_state": {"type": "string", "index": "not_analyzed"},
"local_orig": {"type": "boolean", "index": "not_analyzed"},
"missed_bytes": {"type": "long", "index": "not_analyzed"},
"history": {"type": "string", "index": "not_analyzed"},
"orig_pkts": {"type": "long", "index": "not_analyzed"},
"orig_ip_bytes": {"type": "long", "index": "not_analyzed"},
"resp_pkts": {"type": "long", "index": "not_analyzed"},
"resp_ip_bytes": {"type": "long", "index": "not_analyzed"},
"orig_cc": {"type": "string", "index": "not_analyzed"},
"resp_cc": {"type": "string", "index": "not_analyzed"}
}
},
"dhcp": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"mac": {"type": "string", "index": "not_analyzed"},
"assigned_ip": {"type": "ip"},
"lease_time": {"type": "float", "index": "not_analyzed"},
"trans_id": {"type": "long", "index": "not_analyzed"}
}
},
"dns": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"proto": {"type": "string", "index": "not_analyzed"},
"trans_id": {"type": "long", "index": "not_analyzed"},
"query": {"type": "string", "analyzer": "HostnameAnalyzer"},
"qclass": {"type": "integer", "index": "not_analyzed"},
"qclass_name": {"type": "string", "index": "not_analyzed"},
"qtype": {"type": "integer", "index": "not_analyzed"},
"qtype_name": {"type": "string", "index": "not_analyzed"},
"rcode": {"type": "integer", "index": "not_analyzed"},
"rcode_name": {"type": "string", "index": "not_analyzed"},
"AA": {"type": "boolean", "index": "not_analyzed"},
"TC": {"type": "boolean", "index": "not_analyzed"},
"RD": {"type": "boolean", "index": "not_analyzed"},
"RA": {"type": "boolean", "index": "not_analyzed"},
"Z": {"type": "boolean", "index": "not_analyzed"},
"answers": {"type": "string", "analyzer": "HostnameAnalyzer"},
"TTLs": {"type": "long", "index": "not_analyzed"}
}
},
"dpd": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"proto": {"type": "string", "index": "not_analyzed"},
"analyzer": {"type": "string", "index": "not_analyzed"},
"failure_reason": {"type": "string", "index": "no"}
}
},
"ftp": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"user": {"type": "string", "index": "not_analyzed"},
"password": {"type": "string", "index": "not_analyzed"},
"command": {"type": "string", "index": "not_analyzed"},
"arg": {"type": "string", "analyzer": "simple"},
"mime_type": {"type": "string", "analyzer": "simple"},
"mime_desc": {"type": "string", "index": "not_analyzed"},
"file_size": {"type": "long", "index": "not_analyzed"},
"reply_code": {"type": "integer", "index": "not_analyzed"},
"reply_msg": {"type": "string", "index": "not_analyzed"},
"tags": {"type": "string", "index": "not_analyzed"},
"cwd": {"type": "string", "analyzer": "simple"},
"cmdarg": {"type": "string", "index": "not_analyzed"},
"passive": {"type": "boolean", "index": "not_analyzed"}
}
},
"http": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"trans_depth": {"type": "integer", "index": "not_analyzed"},
"method": {"type": "string", "index": "not_analyzed"},
"host": {"type": "string", "analyzer": "HostnameAnalyzer"},
"uri": {"type": "string", "analyzer": "simple"},
"referrer": {"type": "string", "analyzer": "simple"},
"user_agent": {"type": "string", "analyzer": "simple"},
"request_body_len": {"type": "long", "index": "not_analyzed"},
"response_body_len": {"type": "long", "index": "not_analyzed"},
"status_code": {"type": "integer", "index": "not_analyzed"},
"status_msg": {"type": "string", "index": "not_analyzed"},
"info_code": {"type": "integer", "index": "not_analyzed"},
"info_msg": {"type": "string", "index": "not_analyzed"},
"filename": {"type": "string", "index": "not_analyzed"},
"tags": {"type": "string", "index": "not_analyzed"},
"username": {"type": "string", "index": "not_analyzed"},
"password": {"type": "string", "index": "not_analyzed"},
"proxied": {"type": "boolean", "index": "not_analyzed"}
}
},
"irc": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"nick": {"type": "string", "index": "not_analyzed"},
"user": {"type": "string", "index": "not_analyzed"},
"command": {"type": "string", "index": "not_analyzed"},
"value": {"type": "string", "analyzer": "simple"},
"addl": {"type": "string", "analyzer": "simple"}
}
},
"known_certs": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"host": {"type": "ip"},
"port_num": {"type": "integer", "index": "not_analyzed"},
"subject": {"type": "string", "analyzer": "simple"},
"issuer_subject": {"type": "string", "analyzer": "simple"},
"serial": {"type": "string", "index": "not_analyzed"}
}
},
"known_hosts": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"host": {"type": "ip"}
}
},
"known_services": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"host": {"type": "ip"},
"port_num": {"type": "integer", "index": "not_analyzed"},
"port_proto": {"type": "string", "index": "not_analyzed"},
"service": {"type": "string", "index": "not_analyzed"}
}
},
"intel": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"seen.host": {"type": "ip"},
"seen.where": {"type": "string", "analyzer": "simple"},
"sources": {"type": "string", "index": "not_analyzed"}
}
},
"loaded_scripts": {
"properties": {
"name": {"type": "string", "index": "not_analyzed"}
}
},
"modbus": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"func": {"type": "string", "index": "not_analyzed"},
"exception": {"type": "string", "index": "not_analyzed"}
}
},
"notice": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"proto": {"type": "string", "index": "not_analyzed"},
"note": {"type": "string", "analyzer": "simple"},
"msg": {"type": "string", "analyzer": "simple"},
"sub": {"type": "string", "analyzer": "simple"},
"src": {"type": "ip"},
"dst": {"type": "ip"},
"p": {"type": "integer", "index": "not_analyzed"},
"n": {"type": "integer", "index": "not_analyzed"},
"src_peer": {"type": "ip"},
"peer_descr": {"type": "string", "index": "not_analyzed"},
"actions": {"type": "string", "analyzer": "simple"},
"suppress_for": {"type": "double", "index": "not_analyzed"}
}
},
"notice_alarm": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"proto": {"type": "string", "index": "not_analyzed"},
"note": {"type": "string", "analyzer": "simple"},
"msg": {"type": "string", "analyzer": "simple"},
"sub": {"type": "string", "analyzer": "simple"},
"src": {"type": "ip"},
"dst": {"type": "ip"},
"p": {"type": "integer", "index": "not_analyzed"},
"n": {"type": "integer", "index": "not_analyzed"},
"src_peer": {"type": "ip"},
"peer_descr": {"type": "string", "index": "not_analyzed"},
"actions": {"type": "string", "analyzer": "simple"},
"suppress_for": {"type": "double", "index": "not_analyzed"}
}
},
"packet_filter": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"node": {"type": "ip"},
"filter": {"type": "string", "analyzer": "simple"},
"init": {"type": "boolean", "index": "not_analyzed"},
"success": {"type": "boolean", "index": "not_analyzed"}
}
},
"reporter": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"level": {"type": "string", "analyzer": "simple"},
"message": {"type": "string", "analyzer": "simple"},
"location": {"type": "string", "analyzer": "simple"}
}
},
"signatures": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"src_addr": {"type": "ip"},
"src_port": {"type": "integer", "index": "not_analyzed"},
"dst_addr": {"type": "ip"},
"dst_port": {"type": "integer", "index": "not_analyzed"},
"note": {"type": "string", "analyzer": "simple"},
"sig_id": {"type": "string", "index": "not_analyzed"},
"event_msg": {"type": "string", "analyzer": "simple"},
"sub_msg": {"type": "string", "analyzer": "simple"},
"sig_count": {"type": "long", "index": "not_analyzed"},
"host_count": {"type": "long", "index": "not_analyzed"}
}
},
"smtp": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"trans_depth": {"type": "integer", "index": "not_analyzed"},
"helo": {"type": "string", "analyzer": "HostnameAnalyzer"},
"mailfrom": {"type": "string", "analyzer": "simple"},
"rcptto": {"type": "string", "analyzer": "simple"},
"date": {"type": "string", "index": "not_analyzed"},
"from": {"type": "string", "analyzer": "simple"},
"to": {"type": "string", "analyzer": "simple"},
"reply_to": {"type": "string", "analyzer": "simple"},
"msg_id": {"type": "string", "index": "not_analyzed"},
"in_reply_to": {"type": "string", "index": "not_analyzed"},
"subject": {"type": "string", "analyzer": "simple"},
"x_originating_ip": {"type": "ip"},
"first_received": {"type": "string", "index": "not_analyzed"},
"second_received": {"type": "string", "analyzer": "simple"},
"last_reply": {"type": "string", "analyzer": "simple"},
"path": {"type": "ip"},
"user_agent": {"type": "string", "index": "not_analyzed"}
}
},
"smtp_entities": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"trans_depth": {"type": "integer", "index": "not_analyzed"},
"filename": {"type": "string", "index": "not_analyzed"},
"content_len": {"type": "long", "index": "not_analyzed"},
"mime_type": {"type": "string", "analyzer": "simple"},
"md5": {"type": "string", "index": "not_analyzed"},
"calc_md5": {"type": "boolean", "index": "not_analyzed"},
"extract_file": {"type": "boolean", "index": "not_analyzed"},
"file": {"type": "string", "index": "not_analyzed"}
}
},
"sip" : {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"trans_depth": {"type": "integer", "index": "not_analyzed"},
"method": {"type": "string", "index": "not_analyzed"},
"from": {"type": "string", "analyzer": "simple"},
"to": {"type": "string", "analyzer": "simple"},
"call_id": {"type": "string", "index": "not_analyzed"},
"seq": {"type": "string", "index": "not_analyzed"},
"path": {"type": "string", "analyzer": "simple"},
"user_agent": {"type": "string", "index": "not_analyzed"},
"request_body_len": {"type": "long", "index": "not_analyzed"},
"response_body_len": {"type": "long", "index": "not_analyzed"}
},
"socks": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"version": {"type": "integer", "index": "not_analyzed"},
"user": {"type": "string", "index": "not_analyzed"},
"status": {"type": "string", "index": "not_analyzed"},
"request": {"type": "string", "index": "not_analyzed"},
"request_p": {"type": "integer", "index": "not_analyzed"},
"bound": {"type": "string", "index": "not_analyzed"},
"bound_p": {"type": "integer", "index": "not_analyzed"}
}
},
"software": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"host": {"type": "ip"},
"host_p": {"type": "integer", "index": "not_analyzed"},
"software_type": {"type": "string", "analyzer": "simple"},
"name": {"type": "string", "analyzer": "simple"},
"version": {"type": "string", "index": "not_analyzed"},
"version.major": {"type": "string", "index": "not_analyzed"},
"version.minor": {"type": "string", "index": "not_analyzed"},
"version.minor2": {"type": "string", "index": "not_analyzed"},
"unparsed_version": {"type": "string", "analyzer": "simple"},
"url": {"type": "string", "analyzer": "simple"}
}
},
"ssh": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"status": {"type": "string", "index": "not_analyzed"},
"direction": {"type": "string", "index": "not_analyzed"},
"client": {"type": "string", "analyzer": "simple"},
"server": {"type": "string", "analyzer": "simple"},
"resp_size": {"type": "long", "index": "not_analyzed"}
}
},
"ssl": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"version": {"type": "string", "index": "not_analyzed"},
"cipher": {"type": "string", "index": "not_analyzed"},
"server_name": {"type": "string", "index": "not_analyzed"},
"session_id": {"type": "string", "index": "not_analyzed"},
"subject": {"type": "string", "analyzer": "simple"},
"issuer_subject": {"type": "string", "analyzer": "simple"},
"not_valid_before": {"type": "date", "format": "basic_date_time"},
"not_valid_after": {"type": "date", "format": "basic_date_time"},
"cert_hash": {"type": "string", "index": "not_analyzed"},
"validation_status": {"type": "string", "index": "not_analyzed"}
}
},
"stats": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"peer": {"type": "string", "index": "not_analzyed"},
"mem": {"type": "long", "index": "not_analyzed"},
"pkts_proc": {"type": "long", "index": "not_analyzed"},
"events_proc": {"type": "long", "index": "not_analyzed"},
"events_queued": {"type": "long", "index": "not_analyzed"},
"lag": {"type": "float", "index": "not_analyzed"},
"pkts_recv": {"type": "long", "index": "not_analyzed"},
"pkts_dropped": {"type": "long", "index": "not_analyzed"},
"pkts_link": {"type": "long", "index": "not_analyzed"}
}
},
"syslog": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"proto": {"type": "string", "index": "not_analyzed"},
"facility": {"type": "string", "index": "not_analyzed"},
"severity": {"type": "string", "index": "not_analyzed"},
"message": {"type": "string", "analyzer": "simple"}
}
},
"tunnel": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"tunnel_type": {"type": "string", "analyzer": "simple"},
"action": {"type": "string", "analyzer": "simple"}
}
},
"weird": {
"_timestamp": {"type": "date", "enabled": "true", "path": "ts"},
"properties": {
"ts": {"type": "date", "format": "basic_date_time"},
"uid": {"type": "string", "index": "not_analyzed"},
"id.orig_h": {"type": "ip"},
"id.orig_p": {"type": "integer", "index": "not_analyzed"},
"id.resp_h": {"type": "ip"},
"id.resp_p": {"type": "integer", "index": "not_analyzed"},
"name": {"type": "string", "index": "not_analyzed"},
"addl": {"type": "string", "index": "not_analyzed"},
"notice": {"type": "boolean", "index": "not_analyzed"},
"peer": {"type": "string", "index": "not_analyzed"}
}
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment