{
+ bottomMarker.focus();
+ // The anchor tag is not technically empty (it's a hack to make Safari scroll)
+ // so the browser will show a highlight: remove the focus once scrolled
+ $timeout(() => {
+ bottomMarker.blur();
+ }, 0);
+ }, 0);
+ };
+
$scope.newQuery = function () {
history.push('/');
};
@@ -1007,17 +1023,6 @@ function discoverController(
$window.scrollTo(0, 0);
};
- $scope.scrollToBottom = function () {
- // delay scrolling to after the rows have been rendered
- $timeout(() => {
- $element.find('#discoverBottomMarker').focus();
- }, 0);
- };
-
- $scope.showAllRows = function () {
- $scope.minimumVisibleRows = $scope.hits;
- };
-
async function setupVisualization() {
// If no timefield has been specified we don't create a histogram of messages
if (!getTimeField()) return;
diff --git a/src/plugins/discover/public/application/components/skip_bottom_button/index.ts b/src/plugins/discover/public/application/components/skip_bottom_button/index.ts
new file mode 100644
index 0000000000000..2feaa35e0d61f
--- /dev/null
+++ b/src/plugins/discover/public/application/components/skip_bottom_button/index.ts
@@ -0,0 +1,21 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export { SkipBottomButton } from './skip_bottom_button';
+export { createSkipBottomButtonDirective } from './skip_bottom_button_directive';
diff --git a/src/plugins/discover/public/application/components/skip_bottom_button/skip_bottom_button.test.tsx b/src/plugins/discover/public/application/components/skip_bottom_button/skip_bottom_button.test.tsx
new file mode 100644
index 0000000000000..bf417f9f1890b
--- /dev/null
+++ b/src/plugins/discover/public/application/components/skip_bottom_button/skip_bottom_button.test.tsx
@@ -0,0 +1,41 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import React from 'react';
+import { mountWithIntl } from 'test_utils/enzyme_helpers';
+import { ReactWrapper } from 'enzyme';
+import { SkipBottomButton, SkipBottomButtonProps } from './skip_bottom_button';
+// @ts-ignore
+import { findTestSubject } from '@elastic/eui/lib/test';
+
+describe('Skip to Bottom Button', function () {
+ let props: SkipBottomButtonProps;
+ let component: ReactWrapper
;
+
+ beforeAll(() => {
+ props = {
+ onClick: jest.fn(),
+ };
+ });
+
+ it('should be clickable', function () {
+ component = mountWithIntl();
+ component.simulate('click');
+ expect(props.onClick).toHaveBeenCalled();
+ });
+});
diff --git a/src/plugins/discover/public/application/components/skip_bottom_button/skip_bottom_button.tsx b/src/plugins/discover/public/application/components/skip_bottom_button/skip_bottom_button.tsx
new file mode 100644
index 0000000000000..ccf05ca031a8d
--- /dev/null
+++ b/src/plugins/discover/public/application/components/skip_bottom_button/skip_bottom_button.tsx
@@ -0,0 +1,53 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import React from 'react';
+import { EuiSkipLink } from '@elastic/eui';
+import { FormattedMessage, I18nProvider } from '@kbn/i18n/react';
+
+export interface SkipBottomButtonProps {
+ /**
+ * Action to perform on click
+ */
+ onClick: () => void;
+}
+
+export function SkipBottomButton({ onClick }: SkipBottomButtonProps) {
+ return (
+
+ {
+ // prevent the anchor to reload the page on click
+ event.preventDefault();
+ // The destinationId prop cannot be leveraged here as the table needs
+ // to be updated first (angular logic)
+ onClick();
+ }}
+ className="dscSkipButton"
+ destinationId=""
+ >
+
+
+
+ );
+}
diff --git a/src/plugins/discover/public/application/components/skip_bottom_button/skip_bottom_button_directive.ts b/src/plugins/discover/public/application/components/skip_bottom_button/skip_bottom_button_directive.ts
new file mode 100644
index 0000000000000..27f17b25fd447
--- /dev/null
+++ b/src/plugins/discover/public/application/components/skip_bottom_button/skip_bottom_button_directive.ts
@@ -0,0 +1,23 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { SkipBottomButton } from './skip_bottom_button';
+
+export function createSkipBottomButtonDirective(reactDirective: any) {
+ return reactDirective(SkipBottomButton, [['onClick', { watchDepth: 'reference' }]]);
+}
diff --git a/src/plugins/discover/public/get_inner_angular.ts b/src/plugins/discover/public/get_inner_angular.ts
index 2b4705645cfcc..05513eef93624 100644
--- a/src/plugins/discover/public/get_inner_angular.ts
+++ b/src/plugins/discover/public/get_inner_angular.ts
@@ -63,6 +63,7 @@ import { createLoadingSpinnerDirective } from '././application/components/loadin
import { createTimechartHeaderDirective } from './application/components/timechart_header';
import { DiscoverStartPlugins } from './plugin';
import { getScopedHistory } from './kibana_services';
+import { createSkipBottomButtonDirective } from './application/components/skip_bottom_button';
/**
* returns the main inner angular module, it contains all the parts of Angular Discover
@@ -155,6 +156,7 @@ export function initializeInnerAngularModule(
.directive('fixedScroll', FixedScrollProvider)
.directive('renderComplete', createRenderCompleteDirective)
.directive('discoverSidebar', createDiscoverSidebarDirective)
+ .directive('skipBottomButton', createSkipBottomButtonDirective)
.directive('hitsCounter', createHitsCounterDirective)
.directive('loadingSpinner', createLoadingSpinnerDirective)
.directive('timechartHeader', createTimechartHeaderDirective)
diff --git a/src/plugins/telemetry/server/telemetry_collection/__tests__/get_local_stats.js b/src/plugins/telemetry/server/telemetry_collection/__tests__/get_local_stats.js
index 29076537e9ae8..e78b92498e6e7 100644
--- a/src/plugins/telemetry/server/telemetry_collection/__tests__/get_local_stats.js
+++ b/src/plugins/telemetry/server/telemetry_collection/__tests__/get_local_stats.js
@@ -19,11 +19,12 @@
import expect from '@kbn/expect';
import sinon from 'sinon';
+import { merge, omit } from 'lodash';
+import { TIMEOUT } from '../constants';
import { mockGetClusterInfo } from './get_cluster_info';
import { mockGetClusterStats } from './get_cluster_stats';
-import { omit } from 'lodash';
import { getLocalStats, handleLocalStats } from '../get_local_stats';
const mockUsageCollection = (kibanaUsage = {}) => ({
@@ -51,10 +52,26 @@ const getMockServer = (getCluster = sinon.stub()) => ({
elasticsearch: { getCluster },
},
});
+function mockGetNodesUsage(callCluster, nodesUsage, req) {
+ callCluster
+ .withArgs(
+ req,
+ {
+ method: 'GET',
+ path: '/_nodes/usage',
+ query: {
+ timeout: TIMEOUT,
+ },
+ },
+ 'transport.request'
+ )
+ .returns(nodesUsage);
+}
-function mockGetLocalStats(callCluster, clusterInfo, clusterStats, req) {
+function mockGetLocalStats(callCluster, clusterInfo, clusterStats, nodesUsage, req) {
mockGetClusterInfo(callCluster, clusterInfo, req);
mockGetClusterStats(callCluster, clusterStats, req);
+ mockGetNodesUsage(callCluster, nodesUsage, req);
}
describe('get_local_stats', () => {
@@ -68,6 +85,28 @@ describe('get_local_stats', () => {
number: version,
},
};
+ const nodesUsage = [
+ {
+ node_id: 'some_node_id',
+ timestamp: 1588617023177,
+ since: 1588616945163,
+ rest_actions: {
+ nodes_usage_action: 1,
+ create_index_action: 1,
+ document_get_action: 1,
+ search_action: 19,
+ nodes_info_action: 36,
+ },
+ aggregations: {
+ terms: {
+ bytes: 2,
+ },
+ scripted_metric: {
+ other: 7,
+ },
+ },
+ },
+ ];
const clusterStats = {
_nodes: { failed: 123 },
cluster_name: 'real-cool',
@@ -75,6 +114,7 @@ describe('get_local_stats', () => {
nodes: { yup: 'abc' },
random: 123,
};
+
const kibana = {
kibana: {
great: 'googlymoogly',
@@ -97,12 +137,16 @@ describe('get_local_stats', () => {
snow: { chances: 0 },
};
+ const clusterStatsWithNodesUsage = {
+ ...clusterStats,
+ nodes: merge(clusterStats.nodes, { usage: nodesUsage }),
+ };
const combinedStatsResult = {
collection: 'local',
cluster_uuid: clusterUuid,
cluster_name: clusterName,
version,
- cluster_stats: omit(clusterStats, '_nodes', 'cluster_name'),
+ cluster_stats: omit(clusterStatsWithNodesUsage, '_nodes', 'cluster_name'),
stack_stats: {
kibana: {
great: 'googlymoogly',
@@ -135,7 +179,7 @@ describe('get_local_stats', () => {
describe('handleLocalStats', () => {
it('returns expected object without xpack and kibana data', () => {
- const result = handleLocalStats(clusterInfo, clusterStats, void 0, context);
+ const result = handleLocalStats(clusterInfo, clusterStatsWithNodesUsage, void 0, context);
expect(result.cluster_uuid).to.eql(combinedStatsResult.cluster_uuid);
expect(result.cluster_name).to.eql(combinedStatsResult.cluster_name);
expect(result.cluster_stats).to.eql(combinedStatsResult.cluster_stats);
@@ -146,7 +190,7 @@ describe('get_local_stats', () => {
});
it('returns expected object with xpack', () => {
- const result = handleLocalStats(clusterInfo, clusterStats, void 0, context);
+ const result = handleLocalStats(clusterInfo, clusterStatsWithNodesUsage, void 0, context);
const { stack_stats: stack, ...cluster } = result;
expect(cluster.collection).to.be(combinedStatsResult.collection);
expect(cluster.cluster_uuid).to.be(combinedStatsResult.cluster_uuid);
@@ -167,7 +211,8 @@ describe('get_local_stats', () => {
mockGetLocalStats(
callClusterUsageFailed,
Promise.resolve(clusterInfo),
- Promise.resolve(clusterStats)
+ Promise.resolve(clusterStats),
+ Promise.resolve(nodesUsage)
);
const result = await getLocalStats([], {
server: getMockServer(),
@@ -177,6 +222,7 @@ describe('get_local_stats', () => {
expect(result.cluster_uuid).to.eql(combinedStatsResult.cluster_uuid);
expect(result.cluster_name).to.eql(combinedStatsResult.cluster_name);
expect(result.cluster_stats).to.eql(combinedStatsResult.cluster_stats);
+ expect(result.cluster_stats.nodes).to.eql(combinedStatsResult.cluster_stats.nodes);
expect(result.version).to.be('2.3.4');
expect(result.collection).to.be('local');
@@ -188,7 +234,12 @@ describe('get_local_stats', () => {
it('returns expected object with xpack and kibana data', async () => {
const callCluster = sinon.stub();
const usageCollection = mockUsageCollection(kibana);
- mockGetLocalStats(callCluster, Promise.resolve(clusterInfo), Promise.resolve(clusterStats));
+ mockGetLocalStats(
+ callCluster,
+ Promise.resolve(clusterInfo),
+ Promise.resolve(clusterStats),
+ Promise.resolve(nodesUsage)
+ );
const result = await getLocalStats([], {
server: getMockServer(callCluster),
diff --git a/src/plugins/telemetry/server/telemetry_collection/get_local_stats.ts b/src/plugins/telemetry/server/telemetry_collection/get_local_stats.ts
index b77d01c5b431f..b42edde2f55ca 100644
--- a/src/plugins/telemetry/server/telemetry_collection/get_local_stats.ts
+++ b/src/plugins/telemetry/server/telemetry_collection/get_local_stats.ts
@@ -24,6 +24,7 @@ import {
import { getClusterInfo, ESClusterInfo } from './get_cluster_info';
import { getClusterStats } from './get_cluster_stats';
import { getKibana, handleKibanaStats, KibanaUsageStats } from './get_kibana';
+import { getNodesUsage } from './get_nodes_usage';
/**
* Handle the separate local calls by combining them into a single object response that looks like the
@@ -67,12 +68,21 @@ export const getLocalStats: StatsGetter<{}, TelemetryLocalStats> = async (
return await Promise.all(
clustersDetails.map(async (clustersDetail) => {
- const [clusterInfo, clusterStats, kibana] = await Promise.all([
+ const [clusterInfo, clusterStats, nodesUsage, kibana] = await Promise.all([
getClusterInfo(callCluster), // cluster info
getClusterStats(callCluster), // cluster stats (not to be confused with cluster _state_)
+ getNodesUsage(callCluster), // nodes_usage info
getKibana(usageCollection, callCluster),
]);
- return handleLocalStats(clusterInfo, clusterStats, kibana, context);
+ return handleLocalStats(
+ clusterInfo,
+ {
+ ...clusterStats,
+ nodes: { ...clusterStats.nodes, usage: nodesUsage },
+ },
+ kibana,
+ context
+ );
})
);
};
diff --git a/src/plugins/telemetry/server/telemetry_collection/get_nodes_usage.test.ts b/src/plugins/telemetry/server/telemetry_collection/get_nodes_usage.test.ts
new file mode 100644
index 0000000000000..4e4b0e11b7979
--- /dev/null
+++ b/src/plugins/telemetry/server/telemetry_collection/get_nodes_usage.test.ts
@@ -0,0 +1,80 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { getNodesUsage } from './get_nodes_usage';
+import { TIMEOUT } from './constants';
+
+const mockedNodesFetchResponse = {
+ cluster_name: 'test cluster',
+ nodes: {
+ some_node_id: {
+ timestamp: 1588617023177,
+ since: 1588616945163,
+ rest_actions: {
+ nodes_usage_action: 1,
+ create_index_action: 1,
+ document_get_action: 1,
+ search_action: 19,
+ nodes_info_action: 36,
+ },
+ aggregations: {
+ terms: {
+ bytes: 2,
+ },
+ scripted_metric: {
+ other: 7,
+ },
+ },
+ },
+ },
+};
+describe('get_nodes_usage', () => {
+ it('calls fetchNodesUsage', async () => {
+ const callCluster = jest.fn();
+ callCluster.mockResolvedValueOnce(mockedNodesFetchResponse);
+ await getNodesUsage(callCluster);
+ expect(callCluster).toHaveBeenCalledWith('transport.request', {
+ path: '/_nodes/usage',
+ method: 'GET',
+ query: {
+ timeout: TIMEOUT,
+ },
+ });
+ });
+ it('returns a modified array of node usage data', async () => {
+ const callCluster = jest.fn();
+ callCluster.mockResolvedValueOnce(mockedNodesFetchResponse);
+ const result = await getNodesUsage(callCluster);
+ expect(result.nodes).toEqual([
+ {
+ aggregations: { scripted_metric: { other: 7 }, terms: { bytes: 2 } },
+ node_id: 'some_node_id',
+ rest_actions: {
+ create_index_action: 1,
+ document_get_action: 1,
+ nodes_info_action: 36,
+ nodes_usage_action: 1,
+ search_action: 19,
+ },
+ since: 1588616945163,
+ timestamp: 1588617023177,
+ },
+ ]);
+ });
+});
diff --git a/src/plugins/telemetry/server/telemetry_collection/get_nodes_usage.ts b/src/plugins/telemetry/server/telemetry_collection/get_nodes_usage.ts
new file mode 100644
index 0000000000000..c5c110fbb4149
--- /dev/null
+++ b/src/plugins/telemetry/server/telemetry_collection/get_nodes_usage.ts
@@ -0,0 +1,81 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { LegacyAPICaller } from 'kibana/server';
+import { TIMEOUT } from './constants';
+
+export interface NodeAggregation {
+ [key: string]: number;
+}
+
+// we set aggregations as an optional type because it was only added in v7.8.0
+export interface NodeObj {
+ node_id?: string;
+ timestamp: number;
+ since: number;
+ rest_actions: {
+ [key: string]: number;
+ };
+ aggregations?: {
+ [key: string]: NodeAggregation;
+ };
+}
+
+export interface NodesFeatureUsageResponse {
+ cluster_name: string;
+ nodes: {
+ [key: string]: NodeObj;
+ };
+}
+
+export type NodesUsageGetter = (
+ callCluster: LegacyAPICaller
+) => Promise<{ nodes: NodeObj[] | Array<{}> }>;
+/**
+ * Get the nodes usage data from the connected cluster.
+ *
+ * This is the equivalent to GET /_nodes/usage?timeout=30s.
+ *
+ * The Nodes usage API was introduced in v6.0.0
+ */
+export async function fetchNodesUsage(
+ callCluster: LegacyAPICaller
+): Promise {
+ const response = await callCluster('transport.request', {
+ method: 'GET',
+ path: '/_nodes/usage',
+ query: {
+ timeout: TIMEOUT,
+ },
+ });
+ return response;
+}
+
+/**
+ * Get the nodes usage from the connected cluster
+ * @param callCluster APICaller
+ * @returns Object containing array of modified usage information with the node_id nested within the data for that node.
+ */
+export const getNodesUsage: NodesUsageGetter = async (callCluster) => {
+ const result = await fetchNodesUsage(callCluster);
+ const transformedNodes = Object.entries(result?.nodes || {}).map(([key, value]) => ({
+ ...(value as NodeObj),
+ node_id: key,
+ }));
+ return { nodes: transformedNodes };
+};
diff --git a/src/plugins/usage_collection/public/index.ts b/src/plugins/usage_collection/public/index.ts
index 712e6a76152a2..c6c6ba64e6630 100644
--- a/src/plugins/usage_collection/public/index.ts
+++ b/src/plugins/usage_collection/public/index.ts
@@ -21,7 +21,7 @@ import { PluginInitializerContext } from '../../../core/public';
import { UsageCollectionPlugin } from './plugin';
export { METRIC_TYPE } from '@kbn/analytics';
-export { UsageCollectionSetup } from './plugin';
+export { UsageCollectionSetup, UsageCollectionStart } from './plugin';
export function plugin(initializerContext: PluginInitializerContext) {
return new UsageCollectionPlugin(initializerContext);
diff --git a/src/plugins/visualizations/public/embeddable/visualize_embeddable_factory.tsx b/src/plugins/visualizations/public/embeddable/visualize_embeddable_factory.tsx
index eb4b66401820f..b81ff5c166183 100644
--- a/src/plugins/visualizations/public/embeddable/visualize_embeddable_factory.tsx
+++ b/src/plugins/visualizations/public/embeddable/visualize_embeddable_factory.tsx
@@ -30,7 +30,7 @@ import {
import { DisabledLabEmbeddable } from './disabled_lab_embeddable';
import { VisualizeEmbeddable, VisualizeInput, VisualizeOutput } from './visualize_embeddable';
import { VISUALIZE_EMBEDDABLE_TYPE } from './constants';
-import { Vis } from '../vis';
+import { SerializedVis, Vis } from '../vis';
import {
getCapabilities,
getTypes,
@@ -124,13 +124,20 @@ export class VisualizeEmbeddableFactory
}
}
- public async create() {
+ public async create(input: VisualizeInput & { savedVis?: SerializedVis }, parent?: IContainer) {
// TODO: This is a bit of a hack to preserve the original functionality. Ideally we will clean this up
// to allow for in place creation of visualizations without having to navigate away to a new URL.
- showNewVisModal({
- originatingApp: await this.getCurrentAppId(),
- outsideVisualizeApp: true,
- });
- return undefined;
+ if (input.savedVis) {
+ const visState = input.savedVis;
+ const vis = new Vis(visState.type, visState);
+ await vis.setState(visState);
+ return createVisEmbeddableFromObject(this.deps)(vis, input, parent);
+ } else {
+ showNewVisModal({
+ originatingApp: await this.getCurrentAppId(),
+ outsideVisualizeApp: true,
+ });
+ return undefined;
+ }
}
}
diff --git a/src/plugins/visualize/config.ts b/src/plugins/visualize/config.ts
new file mode 100644
index 0000000000000..ee79a37717f26
--- /dev/null
+++ b/src/plugins/visualize/config.ts
@@ -0,0 +1,26 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { schema, TypeOf } from '@kbn/config-schema';
+
+export const configSchema = schema.object({
+ showNewVisualizeFlow: schema.boolean({ defaultValue: false }),
+});
+
+export type ConfigSchema = TypeOf;
diff --git a/src/plugins/visualize/public/application/types.ts b/src/plugins/visualize/public/application/types.ts
index 20d55d1110f62..a6adaf1f3c62b 100644
--- a/src/plugins/visualize/public/application/types.ts
+++ b/src/plugins/visualize/public/application/types.ts
@@ -44,6 +44,7 @@ import { SharePluginStart } from 'src/plugins/share/public';
import { SavedObjectsStart, SavedObject } from 'src/plugins/saved_objects/public';
import { EmbeddableStart } from 'src/plugins/embeddable/public';
import { KibanaLegacyStart } from 'src/plugins/kibana_legacy/public';
+import { ConfigSchema } from '../../config';
export type PureVisState = SavedVisState;
@@ -110,6 +111,7 @@ export interface VisualizeServices extends CoreStart {
createVisEmbeddableFromObject: VisualizationsStart['__LEGACY']['createVisEmbeddableFromObject'];
restorePreviousUrl: () => void;
scopedHistory: ScopedHistory;
+ featureFlagConfig: ConfigSchema;
}
export interface SavedVisInstance {
diff --git a/src/plugins/visualize/public/application/utils/get_top_nav_config.tsx b/src/plugins/visualize/public/application/utils/get_top_nav_config.tsx
index e04177fc619e2..96f64c6478fa9 100644
--- a/src/plugins/visualize/public/application/utils/get_top_nav_config.tsx
+++ b/src/plugins/visualize/public/application/utils/get_top_nav_config.tsx
@@ -21,6 +21,7 @@ import React from 'react';
import { i18n } from '@kbn/i18n';
import { TopNavMenuData } from 'src/plugins/navigation/public';
+import uuid from 'uuid';
import { VISUALIZE_EMBEDDABLE_TYPE } from '../../../../visualizations/public';
import {
showSaveModal,
@@ -33,7 +34,6 @@ import { unhashUrl } from '../../../../kibana_utils/public';
import { SavedVisInstance, VisualizeServices, VisualizeAppStateContainer } from '../types';
import { VisualizeConstants } from '../visualize_constants';
import { getEditBreadcrumbs } from './breadcrumbs';
-
interface TopNavConfigParams {
hasUnsavedChanges: boolean;
setHasUnsavedChanges: (value: boolean) => void;
@@ -66,6 +66,7 @@ export const getTopNavConfig = (
toastNotifications,
visualizeCapabilities,
i18n: { Context: I18nContext },
+ featureFlagConfig,
}: VisualizeServices
) => {
/**
@@ -234,6 +235,19 @@ export const getTopNavConfig = (
return response;
};
+ const createVisReference = () => {
+ if (!originatingApp) {
+ return;
+ }
+ const input = {
+ ...vis.serialize(),
+ id: uuid.v4(),
+ };
+ embeddable.getStateTransfer().navigateToWithEmbeddablePackage(originatingApp, {
+ state: { input, type: VISUALIZE_EMBEDDABLE_TYPE },
+ });
+ };
+
const saveModal = (
);
- showSaveModal(saveModal, I18nContext);
+ if (originatingApp === 'dashboards' && featureFlagConfig.showNewVisualizeFlow) {
+ createVisReference();
+ } else {
+ showSaveModal(saveModal, I18nContext);
+ }
},
},
]
diff --git a/src/plugins/visualize/public/plugin.ts b/src/plugins/visualize/public/plugin.ts
index 5be560f7fb632..fd9a67599414f 100644
--- a/src/plugins/visualize/public/plugin.ts
+++ b/src/plugins/visualize/public/plugin.ts
@@ -60,6 +60,10 @@ export interface VisualizePluginSetupDependencies {
data: DataPublicPluginSetup;
}
+export interface FeatureFlagConfig {
+ showNewVisualizeFlow: boolean;
+}
+
export class VisualizePlugin
implements
Plugin {
@@ -165,6 +169,7 @@ export class VisualizePlugin
savedObjectsPublic: pluginsStart.savedObjects,
scopedHistory: params.history,
restorePreviousUrl,
+ featureFlagConfig: this.initializerContext.config.get(),
};
params.element.classList.add('visAppWrapper');
diff --git a/src/plugins/visualize/server/index.ts b/src/plugins/visualize/server/index.ts
index 5cebef71d8d22..6da0a513b1475 100644
--- a/src/plugins/visualize/server/index.ts
+++ b/src/plugins/visualize/server/index.ts
@@ -17,8 +17,17 @@
* under the License.
*/
-import { PluginInitializerContext } from 'kibana/server';
+import { PluginInitializerContext, PluginConfigDescriptor } from 'kibana/server';
import { VisualizeServerPlugin } from './plugin';
+import { ConfigSchema, configSchema } from '../config';
+
+export const config: PluginConfigDescriptor = {
+ exposeToBrowser: {
+ showNewVisualizeFlow: true,
+ },
+ schema: configSchema,
+};
+
export const plugin = (initContext: PluginInitializerContext) =>
new VisualizeServerPlugin(initContext);
diff --git a/tasks/function_test_groups.js b/tasks/function_test_groups.js
index 799b9e9eb8194..d60f3ae53eecc 100644
--- a/tasks/function_test_groups.js
+++ b/tasks/function_test_groups.js
@@ -41,6 +41,8 @@ const getDefaultArgs = (tag) => {
// '--config', 'test/functional/config.firefox.js',
'--bail',
'--debug',
+ '--config',
+ 'test/new_visualize_flow/config.js',
];
};
diff --git a/test/api_integration/apis/telemetry/telemetry_local.js b/test/api_integration/apis/telemetry/telemetry_local.js
index 2875ff09a9a8d..e74cd180185ab 100644
--- a/test/api_integration/apis/telemetry/telemetry_local.js
+++ b/test/api_integration/apis/telemetry/telemetry_local.js
@@ -113,6 +113,7 @@ export default function ({ getService }) {
'cluster_stats.nodes.plugins',
'cluster_stats.nodes.process',
'cluster_stats.nodes.versions',
+ 'cluster_stats.nodes.usage',
'cluster_stats.status',
'cluster_stats.timestamp',
'cluster_uuid',
diff --git a/test/functional/services/dashboard/visualizations.ts b/test/functional/services/dashboard/visualizations.ts
index 10747658d8c9b..a5c16010d3eba 100644
--- a/test/functional/services/dashboard/visualizations.ts
+++ b/test/functional/services/dashboard/visualizations.ts
@@ -139,5 +139,31 @@ export function DashboardVisualizationProvider({ getService, getPageObjects }: F
redirectToOrigin: true,
});
}
+
+ async createAndEmbedMetric(name: string) {
+ log.debug(`createAndEmbedMetric(${name})`);
+ const inViewMode = await PageObjects.dashboard.getIsInViewMode();
+ if (inViewMode) {
+ await PageObjects.dashboard.switchToEditMode();
+ }
+ await this.ensureNewVisualizationDialogIsShowing();
+ await PageObjects.visualize.clickMetric();
+ await find.clickByCssSelector('li.euiListGroupItem:nth-of-type(2)');
+ await testSubjects.exists('visualizeSaveButton');
+ await testSubjects.click('visualizeSaveButton');
+ }
+
+ async createAndEmbedMarkdown({ name, markdown }: { name: string; markdown: string }) {
+ log.debug(`createAndEmbedMarkdown(${markdown})`);
+ const inViewMode = await PageObjects.dashboard.getIsInViewMode();
+ if (inViewMode) {
+ await PageObjects.dashboard.switchToEditMode();
+ }
+ await this.ensureNewVisualizationDialogIsShowing();
+ await PageObjects.visualize.clickMarkdownWidget();
+ await PageObjects.visEditor.setMarkdownTxt(markdown);
+ await PageObjects.visEditor.clickGo();
+ await testSubjects.click('visualizeSaveButton');
+ }
})();
}
diff --git a/test/new_visualize_flow/config.js b/test/new_visualize_flow/config.js
new file mode 100644
index 0000000000000..a6440d16481d5
--- /dev/null
+++ b/test/new_visualize_flow/config.js
@@ -0,0 +1,157 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { pageObjects } from '../functional/page_objects';
+import { services } from '../functional/services';
+
+export default async function ({ readConfigFile }) {
+ const commonConfig = await readConfigFile(require.resolve('../functional/config.js'));
+
+ return {
+ testFiles: [require.resolve('./dashboard_embedding')],
+ pageObjects,
+ services,
+ servers: commonConfig.get('servers'),
+
+ esTestCluster: commonConfig.get('esTestCluster'),
+
+ kbnTestServer: {
+ ...commonConfig.get('kbnTestServer'),
+ serverArgs: [
+ ...commonConfig.get('kbnTestServer.serverArgs'),
+ '--oss',
+ '--telemetry.optIn=false',
+ '--visualize.showNewVisualizeFlow=true',
+ ],
+ },
+
+ uiSettings: {
+ defaults: {
+ 'accessibility:disableAnimations': true,
+ 'dateFormat:tz': 'UTC',
+ },
+ },
+
+ apps: {
+ kibana: {
+ pathname: '/app/kibana',
+ },
+ status_page: {
+ pathname: '/status',
+ },
+ discover: {
+ pathname: '/app/discover',
+ hash: '/',
+ },
+ context: {
+ pathname: '/app/discover',
+ hash: '/context',
+ },
+ visualize: {
+ pathname: '/app/visualize',
+ hash: '/',
+ },
+ dashboard: {
+ pathname: '/app/dashboards',
+ hash: '/list',
+ },
+ management: {
+ pathname: '/app/management',
+ },
+ console: {
+ pathname: '/app/dev_tools',
+ hash: '/console',
+ },
+ home: {
+ pathname: '/app/home',
+ hash: '/',
+ },
+ },
+ junit: {
+ reportName: 'Chrome UI Functional Tests',
+ },
+ browser: {
+ type: 'chrome',
+ },
+
+ security: {
+ roles: {
+ test_logstash_reader: {
+ elasticsearch: {
+ cluster: [],
+ indices: [
+ {
+ names: ['logstash*'],
+ privileges: ['read', 'view_index_metadata'],
+ field_security: { grant: ['*'], except: [] },
+ },
+ ],
+ run_as: [],
+ },
+ kibana: [],
+ },
+ //for sample data - can remove but not add sample data
+ kibana_sample_admin: {
+ elasticsearch: {
+ cluster: [],
+ indices: [
+ {
+ names: ['kibana_sample*'],
+ privileges: ['read', 'view_index_metadata', 'manage', 'create_index', 'index'],
+ field_security: { grant: ['*'], except: [] },
+ },
+ ],
+ run_as: [],
+ },
+ kibana: [],
+ },
+ long_window_logstash: {
+ elasticsearch: {
+ cluster: [],
+ indices: [
+ {
+ names: ['long-window-logstash-*'],
+ privileges: ['read', 'view_index_metadata'],
+ field_security: { grant: ['*'], except: [] },
+ },
+ ],
+ run_as: [],
+ },
+ kibana: [],
+ },
+
+ animals: {
+ elasticsearch: {
+ cluster: [],
+ indices: [
+ {
+ names: ['animals-*'],
+ privileges: ['read', 'view_index_metadata'],
+ field_security: { grant: ['*'], except: [] },
+ },
+ ],
+ run_as: [],
+ },
+ kibana: [],
+ },
+ },
+ defaultRoles: ['kibana_admin'],
+ },
+ };
+}
diff --git a/test/new_visualize_flow/dashboard_embedding.js b/test/new_visualize_flow/dashboard_embedding.js
new file mode 100644
index 0000000000000..b1a6bd14547fb
--- /dev/null
+++ b/test/new_visualize_flow/dashboard_embedding.js
@@ -0,0 +1,83 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import expect from '@kbn/expect';
+
+/**
+ * This tests both that one of each visualization can be added to a dashboard (as opposed to opening an existing
+ * dashboard with the visualizations already on it), as well as conducts a rough type of snapshot testing by checking
+ * for various ui components. The downside is these tests are a bit fragile to css changes (though not as fragile as
+ * actual screenshot snapshot regression testing), and can be difficult to diagnose failures (which visualization
+ * broke?). The upside is that this offers very good coverage with a minimal time investment.
+ */
+
+export default function ({ getService, getPageObjects }) {
+ const esArchiver = getService('esArchiver');
+ const kibanaServer = getService('kibanaServer');
+ const dashboardExpect = getService('dashboardExpect');
+ const testSubjects = getService('testSubjects');
+ const dashboardVisualizations = getService('dashboardVisualizations');
+ const PageObjects = getPageObjects([
+ 'common',
+ 'dashboard',
+ 'header',
+ 'visualize',
+ 'discover',
+ 'timePicker',
+ ]);
+
+ describe('Dashboard Embedding', function describeIndexTests() {
+ before(async () => {
+ await esArchiver.load('kibana');
+ await kibanaServer.uiSettings.replace({
+ defaultIndex: '0bf35f60-3dc9-11e8-8660-4d65aa086b3c',
+ });
+ await PageObjects.common.navigateToApp('dashboard');
+ await PageObjects.dashboard.preserveCrossAppState();
+ await PageObjects.dashboard.clickNewDashboard();
+ });
+
+ it('adding a metric visualization', async function () {
+ const originalPanelCount = await PageObjects.dashboard.getPanelCount();
+ expect(originalPanelCount).to.eql(0);
+ await testSubjects.exists('addVisualizationButton');
+ await testSubjects.click('addVisualizationButton');
+ await dashboardVisualizations.createAndEmbedMetric('Embedding Vis Test');
+ await PageObjects.dashboard.waitForRenderComplete();
+ await dashboardExpect.metricValuesExist(['0']);
+ const panelCount = await PageObjects.dashboard.getPanelCount();
+ expect(panelCount).to.eql(1);
+ });
+
+ it('adding a markdown', async function () {
+ const originalPanelCount = await PageObjects.dashboard.getPanelCount();
+ expect(originalPanelCount).to.eql(1);
+ await testSubjects.exists('dashboardAddNewPanelButton');
+ await testSubjects.click('dashboardAddNewPanelButton');
+ await dashboardVisualizations.createAndEmbedMarkdown({
+ name: 'Embedding Markdown Test',
+ markdown: 'Nice to meet you, markdown is my name',
+ });
+ await PageObjects.dashboard.waitForRenderComplete();
+ await dashboardExpect.markdownWithValuesExists(['Nice to meet you, markdown is my name']);
+ const panelCount = await PageObjects.dashboard.getPanelCount();
+ expect(panelCount).to.eql(2);
+ });
+ });
+}
diff --git a/test/new_visualize_flow/fixtures/es_archiver/kibana/data.json.gz b/test/new_visualize_flow/fixtures/es_archiver/kibana/data.json.gz
new file mode 100644
index 0000000000000..ae78761fef0d3
Binary files /dev/null and b/test/new_visualize_flow/fixtures/es_archiver/kibana/data.json.gz differ
diff --git a/test/new_visualize_flow/fixtures/es_archiver/kibana/mappings.json b/test/new_visualize_flow/fixtures/es_archiver/kibana/mappings.json
new file mode 100644
index 0000000000000..9f5edaad0fe76
--- /dev/null
+++ b/test/new_visualize_flow/fixtures/es_archiver/kibana/mappings.json
@@ -0,0 +1,490 @@
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ ".kibana": {
+ }
+ },
+ "index": ".kibana_1",
+ "mappings": {
+ "_meta": {
+ "migrationMappingPropertyHashes": {
+ "application_usage_totals": "c897e4310c5f24b07caaff3db53ae2c1",
+ "application_usage_transactional": "965839e75f809fefe04f92dc4d99722a",
+ "config": "ae24d22d5986d04124cc6568f771066f",
+ "dashboard": "d00f614b29a80360e1190193fd333bab",
+ "index-pattern": "66eccb05066c5a89924f48a9e9736499",
+ "kql-telemetry": "d12a98a6f19a2d273696597547e064ee",
+ "migrationVersion": "4a1746014a75ade3a714e1db5763276f",
+ "namespace": "2f4316de49999235636386fe51dc06c1",
+ "namespaces": "2f4316de49999235636386fe51dc06c1",
+ "query": "11aaeb7f5f7fa5bb43f25e18ce26e7d9",
+ "references": "7997cf5a56cc02bdc9c93361bde732b0",
+ "sample-data-telemetry": "7d3cfeb915303c9641c59681967ffeb4",
+ "search": "181661168bbadd1eff5902361e2a0d5c",
+ "telemetry": "36a616f7026dfa617d6655df850fe16d",
+ "timelion-sheet": "9a2a2748877c7a7b582fef201ab1d4cf",
+ "tsvb-validation-telemetry": "3a37ef6c8700ae6fc97d5c7da00e9215",
+ "type": "2f4316de49999235636386fe51dc06c1",
+ "ui-metric": "0d409297dc5ebe1e3a1da691c6ee32e3",
+ "updated_at": "00da57df13e94e9d98437d13ace4bfe0",
+ "url": "b675c3be8d76ecf029294d51dc7ec65d",
+ "visualization": "52d7a13ad68a150c4525b292d23e12cc"
+ }
+ },
+ "dynamic": "strict",
+ "properties": {
+ "application_usage_totals": {
+ "properties": {
+ "appId": {
+ "type": "keyword"
+ },
+ "minutesOnScreen": {
+ "type": "float"
+ },
+ "numberOfClicks": {
+ "type": "long"
+ }
+ }
+ },
+ "application_usage_transactional": {
+ "properties": {
+ "appId": {
+ "type": "keyword"
+ },
+ "minutesOnScreen": {
+ "type": "float"
+ },
+ "numberOfClicks": {
+ "type": "long"
+ },
+ "timestamp": {
+ "type": "date"
+ }
+ }
+ },
+ "config": {
+ "dynamic": "true",
+ "properties": {
+ "accessibility:disableAnimations": {
+ "type": "boolean"
+ },
+ "buildNum": {
+ "type": "keyword"
+ },
+ "dateFormat:tz": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "defaultIndex": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "notifications:lifetime:banner": {
+ "type": "long"
+ },
+ "notifications:lifetime:error": {
+ "type": "long"
+ },
+ "notifications:lifetime:info": {
+ "type": "long"
+ },
+ "notifications:lifetime:warning": {
+ "type": "long"
+ },
+ "xPackMonitoring:showBanner": {
+ "type": "boolean"
+ }
+ }
+ },
+ "dashboard": {
+ "properties": {
+ "description": {
+ "type": "text"
+ },
+ "hits": {
+ "type": "integer"
+ },
+ "kibanaSavedObjectMeta": {
+ "properties": {
+ "searchSourceJSON": {
+ "type": "text"
+ }
+ }
+ },
+ "optionsJSON": {
+ "type": "text"
+ },
+ "panelsJSON": {
+ "type": "text"
+ },
+ "refreshInterval": {
+ "properties": {
+ "display": {
+ "type": "keyword"
+ },
+ "pause": {
+ "type": "boolean"
+ },
+ "section": {
+ "type": "integer"
+ },
+ "value": {
+ "type": "integer"
+ }
+ }
+ },
+ "timeFrom": {
+ "type": "keyword"
+ },
+ "timeRestore": {
+ "type": "boolean"
+ },
+ "timeTo": {
+ "type": "keyword"
+ },
+ "title": {
+ "type": "text"
+ },
+ "version": {
+ "type": "integer"
+ }
+ }
+ },
+ "index-pattern": {
+ "properties": {
+ "fieldFormatMap": {
+ "type": "text"
+ },
+ "fields": {
+ "type": "text"
+ },
+ "intervalName": {
+ "type": "keyword"
+ },
+ "notExpandable": {
+ "type": "boolean"
+ },
+ "sourceFilters": {
+ "type": "text"
+ },
+ "timeFieldName": {
+ "type": "keyword"
+ },
+ "title": {
+ "type": "text"
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "typeMeta": {
+ "type": "keyword"
+ }
+ }
+ },
+ "kql-telemetry": {
+ "properties": {
+ "optInCount": {
+ "type": "long"
+ },
+ "optOutCount": {
+ "type": "long"
+ }
+ }
+ },
+ "migrationVersion": {
+ "dynamic": "true",
+ "properties": {
+ "dashboard": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "index-pattern": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "search": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "visualization": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ }
+ }
+ },
+ "namespace": {
+ "type": "keyword"
+ },
+ "namespaces": {
+ "type": "keyword"
+ },
+ "query": {
+ "properties": {
+ "description": {
+ "type": "text"
+ },
+ "filters": {
+ "enabled": false,
+ "type": "object"
+ },
+ "query": {
+ "properties": {
+ "language": {
+ "type": "keyword"
+ },
+ "query": {
+ "index": false,
+ "type": "keyword"
+ }
+ }
+ },
+ "timefilter": {
+ "enabled": false,
+ "type": "object"
+ },
+ "title": {
+ "type": "text"
+ }
+ }
+ },
+ "references": {
+ "properties": {
+ "id": {
+ "type": "keyword"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ },
+ "type": "nested"
+ },
+ "sample-data-telemetry": {
+ "properties": {
+ "installCount": {
+ "type": "long"
+ },
+ "unInstallCount": {
+ "type": "long"
+ }
+ }
+ },
+ "search": {
+ "properties": {
+ "columns": {
+ "type": "keyword"
+ },
+ "description": {
+ "type": "text"
+ },
+ "hits": {
+ "type": "integer"
+ },
+ "kibanaSavedObjectMeta": {
+ "properties": {
+ "searchSourceJSON": {
+ "type": "text"
+ }
+ }
+ },
+ "sort": {
+ "type": "keyword"
+ },
+ "title": {
+ "type": "text"
+ },
+ "version": {
+ "type": "integer"
+ }
+ }
+ },
+ "server": {
+ "properties": {
+ "uuid": {
+ "type": "keyword"
+ }
+ }
+ },
+ "telemetry": {
+ "properties": {
+ "allowChangingOptInStatus": {
+ "type": "boolean"
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "lastReported": {
+ "type": "date"
+ },
+ "lastVersionChecked": {
+ "type": "keyword"
+ },
+ "reportFailureCount": {
+ "type": "integer"
+ },
+ "reportFailureVersion": {
+ "type": "keyword"
+ },
+ "sendUsageFrom": {
+ "type": "keyword"
+ },
+ "userHasSeenNotice": {
+ "type": "boolean"
+ }
+ }
+ },
+ "timelion-sheet": {
+ "properties": {
+ "description": {
+ "type": "text"
+ },
+ "hits": {
+ "type": "integer"
+ },
+ "kibanaSavedObjectMeta": {
+ "properties": {
+ "searchSourceJSON": {
+ "type": "text"
+ }
+ }
+ },
+ "timelion_chart_height": {
+ "type": "integer"
+ },
+ "timelion_columns": {
+ "type": "integer"
+ },
+ "timelion_interval": {
+ "type": "keyword"
+ },
+ "timelion_other_interval": {
+ "type": "keyword"
+ },
+ "timelion_rows": {
+ "type": "integer"
+ },
+ "timelion_sheet": {
+ "type": "text"
+ },
+ "title": {
+ "type": "text"
+ },
+ "version": {
+ "type": "integer"
+ }
+ }
+ },
+ "tsvb-validation-telemetry": {
+ "properties": {
+ "failedRequests": {
+ "type": "long"
+ }
+ }
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "ui-metric": {
+ "properties": {
+ "count": {
+ "type": "integer"
+ }
+ }
+ },
+ "updated_at": {
+ "type": "date"
+ },
+ "url": {
+ "properties": {
+ "accessCount": {
+ "type": "long"
+ },
+ "accessDate": {
+ "type": "date"
+ },
+ "createDate": {
+ "type": "date"
+ },
+ "url": {
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ }
+ }
+ },
+ "visualization": {
+ "properties": {
+ "description": {
+ "type": "text"
+ },
+ "kibanaSavedObjectMeta": {
+ "properties": {
+ "searchSourceJSON": {
+ "type": "text"
+ }
+ }
+ },
+ "savedSearchRefName": {
+ "type": "keyword"
+ },
+ "title": {
+ "type": "text"
+ },
+ "uiStateJSON": {
+ "type": "text"
+ },
+ "version": {
+ "type": "integer"
+ },
+ "visState": {
+ "type": "text"
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "auto_expand_replicas": "0-1",
+ "number_of_replicas": "0",
+ "number_of_shards": "1"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/test/new_visualize_flow/index.ts b/test/new_visualize_flow/index.ts
new file mode 100644
index 0000000000000..e915525155990
--- /dev/null
+++ b/test/new_visualize_flow/index.ts
@@ -0,0 +1,27 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { FtrProviderContext } from '../functional/ftr_provider_context';
+
+// eslint-disable-next-line import/no-default-export
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('New Visualize Flow', function () {
+ this.tags('ciGroup2');
+ loadTestFile(require.resolve('./dashboard_embedding'));
+ });
+}
diff --git a/test/plugin_functional/config.js b/test/plugin_functional/config.js
index 078eb9ee88a8e..f51fb5e1bade4 100644
--- a/test/plugin_functional/config.js
+++ b/test/plugin_functional/config.js
@@ -38,6 +38,7 @@ export default async function ({ readConfigFile }) {
require.resolve('./test_suites/management'),
require.resolve('./test_suites/doc_views'),
require.resolve('./test_suites/application_links'),
+ require.resolve('./test_suites/data_plugin'),
],
services: {
...functionalConfig.get('services'),
diff --git a/test/plugin_functional/plugins/index_patterns/kibana.json b/test/plugin_functional/plugins/index_patterns/kibana.json
new file mode 100644
index 0000000000000..e098950dc9677
--- /dev/null
+++ b/test/plugin_functional/plugins/index_patterns/kibana.json
@@ -0,0 +1,9 @@
+{
+ "id": "index_patterns_test_plugin",
+ "version": "0.0.1",
+ "kibanaVersion": "kibana",
+ "configPath": ["index_patterns_test_plugin"],
+ "server": true,
+ "ui": false,
+ "requiredPlugins": ["data"]
+}
diff --git a/test/plugin_functional/plugins/index_patterns/package.json b/test/plugin_functional/plugins/index_patterns/package.json
new file mode 100644
index 0000000000000..eaba6ca624bd8
--- /dev/null
+++ b/test/plugin_functional/plugins/index_patterns/package.json
@@ -0,0 +1,17 @@
+{
+ "name": "index_patterns_test_plugin",
+ "version": "1.0.0",
+ "main": "target/test/plugin_functional/plugins/index_patterns_test_plugin",
+ "kibana": {
+ "version": "kibana",
+ "templateVersion": "1.0.0"
+ },
+ "license": "Apache-2.0",
+ "scripts": {
+ "kbn": "node ../../../../scripts/kbn.js",
+ "build": "rm -rf './target' && tsc"
+ },
+ "devDependencies": {
+ "typescript": "3.9.5"
+ }
+}
\ No newline at end of file
diff --git a/test/plugin_functional/plugins/index_patterns/server/index.ts b/test/plugin_functional/plugins/index_patterns/server/index.ts
new file mode 100644
index 0000000000000..0c99dd30c9cb6
--- /dev/null
+++ b/test/plugin_functional/plugins/index_patterns/server/index.ts
@@ -0,0 +1,30 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { PluginInitializer } from 'kibana/server';
+import {
+ IndexPatternsTestPlugin,
+ IndexPatternsTestPluginSetup,
+ IndexPatternsTestPluginStart,
+} from './plugin';
+
+export const plugin: PluginInitializer<
+ IndexPatternsTestPluginSetup,
+ IndexPatternsTestPluginStart
+> = () => new IndexPatternsTestPlugin();
diff --git a/test/plugin_functional/plugins/index_patterns/server/plugin.ts b/test/plugin_functional/plugins/index_patterns/server/plugin.ts
new file mode 100644
index 0000000000000..ffc70136ccffa
--- /dev/null
+++ b/test/plugin_functional/plugins/index_patterns/server/plugin.ts
@@ -0,0 +1,111 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { CoreSetup, Plugin } from 'kibana/server';
+import { schema } from '@kbn/config-schema';
+import { PluginStart as DataPluginStart } from '../../../../../src/plugins/data/server';
+
+export interface IndexPatternsTestStartDeps {
+ data: DataPluginStart;
+}
+
+export class IndexPatternsTestPlugin
+ implements
+ Plugin<
+ IndexPatternsTestPluginSetup,
+ IndexPatternsTestPluginStart,
+ {},
+ IndexPatternsTestStartDeps
+ > {
+ public setup(core: CoreSetup) {
+ const router = core.http.createRouter();
+
+ router.get(
+ { path: '/api/index-patterns-plugin/get-all', validate: false },
+ async (context, req, res) => {
+ const [, { data }] = await core.getStartServices();
+ const service = await data.indexPatterns.indexPatternsServiceFactory(req);
+ const ids = await service.getIds();
+ return res.ok({ body: ids });
+ }
+ );
+
+ router.get(
+ {
+ path: '/api/index-patterns-plugin/get/{id}',
+ validate: {
+ params: schema.object({
+ id: schema.string(),
+ }),
+ },
+ },
+ async (context, req, res) => {
+ const id = (req.params as Record).id;
+ const [, { data }] = await core.getStartServices();
+ const service = await data.indexPatterns.indexPatternsServiceFactory(req);
+ const ip = await service.get(id);
+ return res.ok({ body: ip.toSpec() });
+ }
+ );
+
+ router.get(
+ {
+ path: '/api/index-patterns-plugin/update/{id}',
+ validate: {
+ params: schema.object({
+ id: schema.string(),
+ }),
+ },
+ },
+ async (context, req, res) => {
+ const [, { data }] = await core.getStartServices();
+ const id = (req.params as Record).id;
+ const service = await data.indexPatterns.indexPatternsServiceFactory(req);
+ const ip = await service.get(id);
+ await ip.save();
+ return res.ok();
+ }
+ );
+
+ router.get(
+ {
+ path: '/api/index-patterns-plugin/delete/{id}',
+ validate: {
+ params: schema.object({
+ id: schema.string(),
+ }),
+ },
+ },
+ async (context, req, res) => {
+ const [, { data }] = await core.getStartServices();
+ const id = (req.params as Record).id;
+ const service = await data.indexPatterns.indexPatternsServiceFactory(req);
+ const ip = await service.get(id);
+ await ip.destroy();
+ return res.ok();
+ }
+ );
+ }
+
+ public start() {}
+ public stop() {}
+}
+
+export type IndexPatternsTestPluginSetup = ReturnType;
+export type IndexPatternsTestPluginStart = ReturnType;
diff --git a/test/plugin_functional/plugins/index_patterns/tsconfig.json b/test/plugin_functional/plugins/index_patterns/tsconfig.json
new file mode 100644
index 0000000000000..6f0c32ad30601
--- /dev/null
+++ b/test/plugin_functional/plugins/index_patterns/tsconfig.json
@@ -0,0 +1,14 @@
+{
+ "extends": "../../../../tsconfig.json",
+ "compilerOptions": {
+ "outDir": "./target",
+ "skipLibCheck": true
+ },
+ "include": [
+ "index.ts",
+ "server/**/*.ts",
+ "server/**/*.tsx",
+ "../../../../typings/**/*",
+ ],
+ "exclude": []
+}
diff --git a/test/plugin_functional/test_suites/data_plugin/index.ts b/test/plugin_functional/test_suites/data_plugin/index.ts
new file mode 100644
index 0000000000000..1c3f118135ffa
--- /dev/null
+++ b/test/plugin_functional/test_suites/data_plugin/index.ts
@@ -0,0 +1,25 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// @ts-expect-error
+export default function ({ loadTestFile }) {
+ describe('data plugin', () => {
+ loadTestFile(require.resolve('./index_patterns'));
+ });
+}
diff --git a/test/plugin_functional/test_suites/data_plugin/index_patterns.ts b/test/plugin_functional/test_suites/data_plugin/index_patterns.ts
new file mode 100644
index 0000000000000..481e9d76e3acc
--- /dev/null
+++ b/test/plugin_functional/test_suites/data_plugin/index_patterns.ts
@@ -0,0 +1,64 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import expect from '@kbn/expect';
+import { PluginFunctionalProviderContext } from '../../services';
+import '../../plugins/core_provider_plugin/types';
+
+// eslint-disable-next-line import/no-default-export
+export default function ({ getService, getPageObjects }: PluginFunctionalProviderContext) {
+ const supertest = getService('supertest');
+ const esArchiver = getService('esArchiver');
+ const PageObjects = getPageObjects(['common', 'settings']);
+
+ describe('index patterns', function () {
+ let indexPatternId = '';
+ before(async () => {
+ await esArchiver.loadIfNeeded(
+ '../functional/fixtures/es_archiver/getting_started/shakespeare'
+ );
+ await PageObjects.common.navigateToApp('settings');
+ await PageObjects.settings.createIndexPattern('shakespeare', '');
+ });
+
+ it('can get all ids', async () => {
+ const body = await (await supertest.get('/api/index-patterns-plugin/get-all').expect(200))
+ .body;
+ indexPatternId = body[0];
+ expect(body.length > 0).to.equal(true);
+ });
+
+ it('can get index pattern by id', async () => {
+ const body = await (
+ await supertest.get(`/api/index-patterns-plugin/get/${indexPatternId}`).expect(200)
+ ).body;
+ expect(body.fields.length > 0).to.equal(true);
+ });
+
+ it('can update index pattern', async () => {
+ const body = await (
+ await supertest.get(`/api/index-patterns-plugin/update/${indexPatternId}`).expect(200)
+ ).body;
+ expect(body).to.eql({});
+ });
+
+ it('can delete index pattern', async () => {
+ await supertest.get(`/api/index-patterns-plugin/delete/${indexPatternId}`).expect(200);
+ });
+ });
+}
diff --git a/x-pack/dev-tools/jest/create_jest_config.js b/x-pack/dev-tools/jest/create_jest_config.js
index 9b6db8b74458b..a0574dbdf36da 100644
--- a/x-pack/dev-tools/jest/create_jest_config.js
+++ b/x-pack/dev-tools/jest/create_jest_config.js
@@ -9,7 +9,7 @@ export function createJestConfig({ kibanaDirectory, rootDir, xPackKibanaDirector
return {
rootDir,
roots: ['/plugins', '/legacy/plugins', '/legacy/server'],
- moduleFileExtensions: ['js', 'json', 'ts', 'tsx', 'node'],
+ moduleFileExtensions: ['js', 'mjs', 'json', 'ts', 'tsx', 'node'],
moduleNameMapper: {
'@elastic/eui$': `${kibanaDirectory}/node_modules/@elastic/eui/test-env`,
'@elastic/eui/lib/(.*)?': `${kibanaDirectory}/node_modules/@elastic/eui/test-env/$1`,
@@ -32,11 +32,11 @@ export function createJestConfig({ kibanaDirectory, rootDir, xPackKibanaDirector
'^(!!)?file-loader!': fileMockPath,
},
collectCoverageFrom: [
- 'legacy/plugins/**/*.{js,jsx,ts,tsx}',
- 'legacy/server/**/*.{js,jsx,ts,tsx}',
- 'plugins/**/*.{js,jsx,ts,tsx}',
+ 'legacy/plugins/**/*.{js,mjs,jsx,ts,tsx}',
+ 'legacy/server/**/*.{js,mjs,jsx,ts,tsx}',
+ 'plugins/**/*.{js,mjs,jsx,ts,tsx}',
'!**/{__test__,__snapshots__,__examples__,integration_tests,tests}/**',
- '!**/*.test.{js,ts,tsx}',
+ '!**/*.test.{js,mjs,ts,tsx}',
'!**/flot-charts/**',
'!**/test/**',
'!**/build/**',
@@ -60,7 +60,7 @@ export function createJestConfig({ kibanaDirectory, rootDir, xPackKibanaDirector
`${kibanaDirectory}/src/dev/jest/setup/react_testing_library.js`,
],
testEnvironment: 'jest-environment-jsdom-thirteen',
- testMatch: ['**/*.test.{js,ts,tsx}'],
+ testMatch: ['**/*.test.{js,mjs,ts,tsx}'],
testRunner: 'jest-circus/runner',
transform: {
'^.+\\.(js|tsx?)$': `${kibanaDirectory}/src/dev/jest/babel_transform.js`,
diff --git a/x-pack/plugins/apm/jest.config.js b/x-pack/plugins/apm/jest.config.js
index 43bdeb583c819..2f9d8a37376d9 100644
--- a/x-pack/plugins/apm/jest.config.js
+++ b/x-pack/plugins/apm/jest.config.js
@@ -29,10 +29,10 @@ module.exports = {
roots: [`${rootDir}/common`, `${rootDir}/public`, `${rootDir}/server`],
collectCoverage: true,
collectCoverageFrom: [
- '**/*.{js,jsx,ts,tsx}',
+ '**/*.{js,mjs,jsx,ts,tsx}',
'!**/{__test__,__snapshots__,__examples__,integration_tests,tests}/**',
- '!**/*.stories.{js,ts,tsx}',
- '!**/*.test.{js,ts,tsx}',
+ '!**/*.stories.{js,mjs,ts,tsx}',
+ '!**/*.test.{js,mjs,ts,tsx}',
'!**/dev_docs/**',
'!**/e2e/**',
'!**/scripts/**',
diff --git a/x-pack/plugins/apm/public/services/rest/observability_dashboard.ts b/x-pack/plugins/apm/public/services/rest/observability_dashboard.ts
index 2221904932b63..4614e06cbd45d 100644
--- a/x-pack/plugins/apm/public/services/rest/observability_dashboard.ts
+++ b/x-pack/plugins/apm/public/services/rest/observability_dashboard.ts
@@ -6,9 +6,10 @@
import { i18n } from '@kbn/i18n';
import { sum } from 'lodash';
-// eslint-disable-next-line @kbn/eslint/no-restricted-paths
-import { FetchDataParams } from '../../../../observability/public/data_handler';
-import { ApmFetchDataResponse } from '../../../../observability/public/typings/fetch_data_response';
+import {
+ ApmFetchDataResponse,
+ FetchDataParams,
+} from '../../../../observability/public';
import { callApmApi } from './createCallApmApi';
import { Theme } from '../../utils/get_theme';
diff --git a/x-pack/plugins/apm/server/lib/observability_dashboard/get_transaction_coordinates.ts b/x-pack/plugins/apm/server/lib/observability_dashboard/get_transaction_coordinates.ts
index 78ed11d839ad2..e78a3c1cec24a 100644
--- a/x-pack/plugins/apm/server/lib/observability_dashboard/get_transaction_coordinates.ts
+++ b/x-pack/plugins/apm/server/lib/observability_dashboard/get_transaction_coordinates.ts
@@ -9,7 +9,7 @@
* you may not use this file except in compliance with the Elastic License.
*/
import { rangeFilter } from '../../../common/utils/range_filter';
-import { Coordinates } from '../../../../observability/public/typings/fetch_data_response';
+import { Coordinates } from '../../../../observability/public';
import { PROCESSOR_EVENT } from '../../../common/elasticsearch_fieldnames';
import { Setup, SetupTimeRange } from '../helpers/setup_request';
import { ProcessorEvent } from '../../../common/processor_event';
diff --git a/x-pack/plugins/infra/common/alerting/logs/types.ts b/x-pack/plugins/infra/common/alerting/logs/types.ts
index cbfffbfd8f940..884a813d74c86 100644
--- a/x-pack/plugins/infra/common/alerting/logs/types.ts
+++ b/x-pack/plugins/infra/common/alerting/logs/types.ts
@@ -4,6 +4,8 @@
* you may not use this file except in compliance with the Elastic License.
*/
import { i18n } from '@kbn/i18n';
+import * as rt from 'io-ts';
+import { commonSearchSuccessResponseFieldsRT } from '../../utils/elasticsearch_runtime_types';
export const LOG_DOCUMENT_COUNT_ALERT_TYPE_ID = 'logs.alert.document.count';
@@ -20,6 +22,19 @@ export enum Comparator {
NOT_MATCH_PHRASE = 'does not match phrase',
}
+const ComparatorRT = rt.keyof({
+ [Comparator.GT]: null,
+ [Comparator.GT_OR_EQ]: null,
+ [Comparator.LT]: null,
+ [Comparator.LT_OR_EQ]: null,
+ [Comparator.EQ]: null,
+ [Comparator.NOT_EQ]: null,
+ [Comparator.MATCH]: null,
+ [Comparator.NOT_MATCH]: null,
+ [Comparator.MATCH_PHRASE]: null,
+ [Comparator.NOT_MATCH_PHRASE]: null,
+});
+
// Maps our comparators to i18n strings, some comparators have more specific wording
// depending on the field type the comparator is being used with.
export const ComparatorToi18nMap = {
@@ -74,22 +89,78 @@ export enum AlertStates {
ERROR,
}
-export interface DocumentCount {
- comparator: Comparator;
- value: number;
-}
+const DocumentCountRT = rt.type({
+ comparator: ComparatorRT,
+ value: rt.number,
+});
-export interface Criterion {
- field: string;
- comparator: Comparator;
- value: string | number;
-}
+export type DocumentCount = rt.TypeOf;
-export interface LogDocumentCountAlertParams {
- count: DocumentCount;
- criteria: Criterion[];
- timeUnit: 's' | 'm' | 'h' | 'd';
- timeSize: number;
-}
+const CriterionRT = rt.type({
+ field: rt.string,
+ comparator: ComparatorRT,
+ value: rt.union([rt.string, rt.number]),
+});
+
+export type Criterion = rt.TypeOf;
+
+const TimeUnitRT = rt.union([rt.literal('s'), rt.literal('m'), rt.literal('h'), rt.literal('d')]);
+export type TimeUnit = rt.TypeOf;
+
+export const LogDocumentCountAlertParamsRT = rt.intersection([
+ rt.type({
+ count: DocumentCountRT,
+ criteria: rt.array(CriterionRT),
+ timeUnit: TimeUnitRT,
+ timeSize: rt.number,
+ }),
+ rt.partial({
+ groupBy: rt.array(rt.string),
+ }),
+]);
+
+export type LogDocumentCountAlertParams = rt.TypeOf;
+
+export const UngroupedSearchQueryResponseRT = rt.intersection([
+ commonSearchSuccessResponseFieldsRT,
+ rt.type({
+ hits: rt.type({
+ total: rt.type({
+ value: rt.number,
+ }),
+ }),
+ }),
+]);
+
+export type UngroupedSearchQueryResponse = rt.TypeOf;
+
+export const GroupedSearchQueryResponseRT = rt.intersection([
+ commonSearchSuccessResponseFieldsRT,
+ rt.type({
+ aggregations: rt.type({
+ groups: rt.intersection([
+ rt.type({
+ buckets: rt.array(
+ rt.type({
+ key: rt.record(rt.string, rt.string),
+ doc_count: rt.number,
+ filtered_results: rt.type({
+ doc_count: rt.number,
+ }),
+ })
+ ),
+ }),
+ rt.partial({
+ after_key: rt.record(rt.string, rt.string),
+ }),
+ ]),
+ }),
+ hits: rt.type({
+ total: rt.type({
+ value: rt.number,
+ }),
+ }),
+ }),
+]);
-export type TimeUnit = 's' | 'm' | 'h' | 'd';
+export type GroupedSearchQueryResponse = rt.TypeOf;
diff --git a/x-pack/plugins/infra/common/utils/elasticsearch_runtime_types.ts b/x-pack/plugins/infra/common/utils/elasticsearch_runtime_types.ts
new file mode 100644
index 0000000000000..a48c65d648b25
--- /dev/null
+++ b/x-pack/plugins/infra/common/utils/elasticsearch_runtime_types.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import * as rt from 'io-ts';
+
+export const commonSearchSuccessResponseFieldsRT = rt.type({
+ _shards: rt.type({
+ total: rt.number,
+ successful: rt.number,
+ skipped: rt.number,
+ failed: rt.number,
+ }),
+ timed_out: rt.boolean,
+ took: rt.number,
+});
diff --git a/x-pack/plugins/infra/kibana.json b/x-pack/plugins/infra/kibana.json
index 4e23f1985d450..e5ce1b1cd96f8 100644
--- a/x-pack/plugins/infra/kibana.json
+++ b/x-pack/plugins/infra/kibana.json
@@ -13,9 +13,7 @@
"alerts",
"triggers_actions_ui"
],
- "optionalPlugins": [
- "ml"
- ],
+ "optionalPlugins": ["ml", "observability"],
"server": true,
"ui": true,
"configPath": ["xpack", "infra"]
diff --git a/x-pack/plugins/infra/public/apps/common_providers.tsx b/x-pack/plugins/infra/public/apps/common_providers.tsx
index facb0f1539a10..9e4917856d8b2 100644
--- a/x-pack/plugins/infra/public/apps/common_providers.tsx
+++ b/x-pack/plugins/infra/public/apps/common_providers.tsx
@@ -12,7 +12,7 @@ import {
KibanaContextProvider,
} from '../../../../../src/plugins/kibana_react/public';
import { TriggersActionsProvider } from '../utils/triggers_actions_context';
-import { ClientPluginDeps } from '../types';
+import { InfraClientStartDeps } from '../types';
import { TriggersAndActionsUIPublicPluginStart } from '../../../triggers_actions_ui/public';
import { ApolloClientContext } from '../utils/apollo_context';
import { EuiThemeProvider } from '../../../observability/public';
@@ -37,7 +37,7 @@ export const CommonInfraProviders: React.FC<{
export const CoreProviders: React.FC<{
core: CoreStart;
- plugins: ClientPluginDeps;
+ plugins: InfraClientStartDeps;
}> = ({ children, core, plugins }) => {
return (
diff --git a/x-pack/plugins/infra/public/apps/logs_app.tsx b/x-pack/plugins/infra/public/apps/logs_app.tsx
index e0251522bb24c..528d90b2a3a23 100644
--- a/x-pack/plugins/infra/public/apps/logs_app.tsx
+++ b/x-pack/plugins/infra/public/apps/logs_app.tsx
@@ -15,14 +15,14 @@ import '../index.scss';
import { NotFoundPage } from '../pages/404';
import { LinkToLogsPage } from '../pages/link_to/link_to_logs';
import { LogsPage } from '../pages/logs';
-import { ClientPluginDeps } from '../types';
+import { InfraClientStartDeps } from '../types';
import { createApolloClient } from '../utils/apollo_client';
import { CommonInfraProviders, CoreProviders } from './common_providers';
import { prepareMountElement } from './common_styles';
export const renderApp = (
core: CoreStart,
- plugins: ClientPluginDeps,
+ plugins: InfraClientStartDeps,
{ element, history }: AppMountParameters
) => {
const apolloClient = createApolloClient(core.http.fetch);
@@ -43,7 +43,7 @@ const LogsApp: React.FC<{
apolloClient: ApolloClient<{}>;
core: CoreStart;
history: History;
- plugins: ClientPluginDeps;
+ plugins: InfraClientStartDeps;
}> = ({ apolloClient, core, history, plugins }) => {
const uiCapabilities = core.application.capabilities;
diff --git a/x-pack/plugins/infra/public/apps/metrics_app.tsx b/x-pack/plugins/infra/public/apps/metrics_app.tsx
index 8713abe0510a6..3069490466938 100644
--- a/x-pack/plugins/infra/public/apps/metrics_app.tsx
+++ b/x-pack/plugins/infra/public/apps/metrics_app.tsx
@@ -16,7 +16,7 @@ import { NotFoundPage } from '../pages/404';
import { LinkToMetricsPage } from '../pages/link_to/link_to_metrics';
import { InfrastructurePage } from '../pages/metrics';
import { MetricDetail } from '../pages/metrics/metric_detail';
-import { ClientPluginDeps } from '../types';
+import { InfraClientStartDeps } from '../types';
import { createApolloClient } from '../utils/apollo_client';
import { RedirectWithQueryParams } from '../utils/redirect_with_query_params';
import { CommonInfraProviders, CoreProviders } from './common_providers';
@@ -24,7 +24,7 @@ import { prepareMountElement } from './common_styles';
export const renderApp = (
core: CoreStart,
- plugins: ClientPluginDeps,
+ plugins: InfraClientStartDeps,
{ element, history }: AppMountParameters
) => {
const apolloClient = createApolloClient(core.http.fetch);
@@ -45,7 +45,7 @@ const MetricsApp: React.FC<{
apolloClient: ApolloClient<{}>;
core: CoreStart;
history: History;
- plugins: ClientPluginDeps;
+ plugins: InfraClientStartDeps;
}> = ({ apolloClient, core, history, plugins }) => {
const uiCapabilities = core.application.capabilities;
diff --git a/x-pack/plugins/infra/public/components/alerting/logs/expression_editor/editor.tsx b/x-pack/plugins/infra/public/components/alerting/logs/expression_editor/editor.tsx
index 9e4e78ca392fd..295e60552cce5 100644
--- a/x-pack/plugins/infra/public/components/alerting/logs/expression_editor/editor.tsx
+++ b/x-pack/plugins/infra/public/components/alerting/logs/expression_editor/editor.tsx
@@ -22,6 +22,7 @@ import { DocumentCount } from './document_count';
import { Criteria } from './criteria';
import { useSourceId } from '../../../../containers/source_id';
import { LogSourceProvider, useLogSourceContext } from '../../../../containers/logs/log_source';
+import { GroupByExpression } from '../../shared/group_by_expression/group_by_expression';
export interface ExpressionCriteria {
field?: string;
@@ -121,7 +122,6 @@ export const Editor: React.FC = (props) => {
const { setAlertParams, alertParams, errors } = props;
const [hasSetDefaults, setHasSetDefaults] = useState(false);
const { sourceStatus } = useLogSourceContext();
-
useMount(() => {
for (const [key, value] of Object.entries({ ...DEFAULT_EXPRESSION, ...alertParams })) {
setAlertParams(key, value);
@@ -140,6 +140,17 @@ export const Editor: React.FC = (props) => {
/* eslint-disable-next-line react-hooks/exhaustive-deps */
}, [sourceStatus]);
+ const groupByFields = useMemo(() => {
+ if (sourceStatus?.logIndexFields) {
+ return sourceStatus.logIndexFields.filter((field) => {
+ return field.type === 'string' && field.aggregatable;
+ });
+ } else {
+ return [];
+ }
+ /* eslint-disable-next-line react-hooks/exhaustive-deps */
+ }, [sourceStatus]);
+
const updateCount = useCallback(
(countParams) => {
const nextCountParams = { ...alertParams.count, ...countParams };
@@ -172,6 +183,13 @@ export const Editor: React.FC = (props) => {
[setAlertParams]
);
+ const updateGroupBy = useCallback(
+ (groups: string[]) => {
+ setAlertParams('groupBy', groups);
+ },
+ [setAlertParams]
+ );
+
const addCriterion = useCallback(() => {
const nextCriteria = alertParams?.criteria
? [...alertParams.criteria, DEFAULT_CRITERIA]
@@ -219,6 +237,12 @@ export const Editor: React.FC = (props) => {
errors={errors as { [key: string]: string[] }}
/>
+
+
void;
+ label?: string;
+}
+
+const DEFAULT_GROUP_BY_LABEL = i18n.translate('xpack.infra.alerting.alertFlyout.groupByLabel', {
+ defaultMessage: 'Group By',
+});
+
+const EVERYTHING_PLACEHOLDER = i18n.translate(
+ 'xpack.infra.alerting.alertFlyout.groupBy.placeholder',
+ {
+ defaultMessage: 'Nothing (ungrouped)',
+ }
+);
+
+export const GroupByExpression: React.FC = ({
+ selectedGroups = [],
+ fields,
+ label,
+ onChange,
+}) => {
+ const [isPopoverOpen, setIsPopoverOpen] = useState(false);
+
+ const expressionValue = useMemo(() => {
+ return selectedGroups.length > 0 ? selectedGroups.join(', ') : EVERYTHING_PLACEHOLDER;
+ }, [selectedGroups]);
+
+ const labelProp = label ?? DEFAULT_GROUP_BY_LABEL;
+
+ return (
+
+
+ setIsPopoverOpen(true)}
+ />
+ }
+ isOpen={isPopoverOpen}
+ closePopover={() => setIsPopoverOpen(false)}
+ ownFocus
+ panelPaddingSize="s"
+ anchorPosition="downLeft"
+ >
+
+ {labelProp}
+
+
+
+
+
+ );
+};
diff --git a/x-pack/plugins/infra/public/components/alerting/shared/group_by_expression/selector.tsx b/x-pack/plugins/infra/public/components/alerting/shared/group_by_expression/selector.tsx
new file mode 100644
index 0000000000000..7a6a7ff77335b
--- /dev/null
+++ b/x-pack/plugins/infra/public/components/alerting/shared/group_by_expression/selector.tsx
@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { EuiComboBox } from '@elastic/eui';
+import React, { useCallback, useMemo } from 'react';
+import { IFieldType } from 'src/plugins/data/public';
+
+interface Props {
+ selectedGroups?: string[];
+ onChange: (groupBy: string[]) => void;
+ fields: IFieldType[];
+ label: string;
+ placeholder: string;
+}
+
+export const GroupBySelector = ({
+ onChange,
+ fields,
+ selectedGroups = [],
+ label,
+ placeholder,
+}: Props) => {
+ const handleChange = useCallback(
+ (selectedOptions: Array<{ label: string }>) => {
+ const groupBy = selectedOptions.map((option) => option.label);
+ onChange(groupBy);
+ },
+ [onChange]
+ );
+
+ const formattedSelectedGroups = useMemo(() => {
+ return selectedGroups.map((group) => ({ label: group }));
+ }, [selectedGroups]);
+
+ const options = useMemo(() => {
+ return fields.filter((field) => field.aggregatable).map((field) => ({ label: field.name }));
+ }, [fields]);
+
+ return (
+
+
+
+ );
+};
diff --git a/x-pack/plugins/infra/public/index.ts b/x-pack/plugins/infra/public/index.ts
index 8f2d37fa1daa9..cadf9a4837866 100644
--- a/x-pack/plugins/infra/public/index.ts
+++ b/x-pack/plugins/infra/public/index.ts
@@ -5,14 +5,19 @@
*/
import { PluginInitializer, PluginInitializerContext } from 'kibana/public';
-import { ClientSetup, ClientStart, Plugin } from './plugin';
-import { ClientPluginsSetup, ClientPluginsStart } from './types';
+import { Plugin } from './plugin';
+import {
+ InfraClientSetupExports,
+ InfraClientStartExports,
+ InfraClientSetupDeps,
+ InfraClientStartDeps,
+} from './types';
export const plugin: PluginInitializer<
- ClientSetup,
- ClientStart,
- ClientPluginsSetup,
- ClientPluginsStart
+ InfraClientSetupExports,
+ InfraClientStartExports,
+ InfraClientSetupDeps,
+ InfraClientStartDeps
> = (context: PluginInitializerContext) => {
return new Plugin(context);
};
diff --git a/x-pack/plugins/infra/public/plugin.ts b/x-pack/plugins/infra/public/plugin.ts
index 496e788efc060..1b28945320bb6 100644
--- a/x-pack/plugins/infra/public/plugin.ts
+++ b/x-pack/plugins/infra/public/plugin.ts
@@ -4,35 +4,40 @@
* you may not use this file except in compliance with the Elastic License.
*/
import { i18n } from '@kbn/i18n';
-import {
- AppMountParameters,
- CoreSetup,
- CoreStart,
- Plugin as PluginClass,
- PluginInitializerContext,
-} from 'kibana/public';
+import { AppMountParameters, PluginInitializerContext } from 'kibana/public';
import { DEFAULT_APP_CATEGORIES } from '../../../../src/core/public';
import { createMetricThresholdAlertType } from './alerting/metric_threshold';
import { createInventoryMetricAlertType } from './alerting/inventory';
import { getAlertType as getLogsAlertType } from './components/alerting/logs/log_threshold_alert_type';
import { registerStartSingleton } from './legacy_singletons';
import { registerFeatures } from './register_feature';
-import { ClientPluginsSetup, ClientPluginsStart } from './types';
-
-export type ClientSetup = void;
-export type ClientStart = void;
+import {
+ InfraClientSetupDeps,
+ InfraClientStartDeps,
+ InfraClientCoreSetup,
+ InfraClientCoreStart,
+ InfraClientPluginClass,
+} from './types';
+import { getLogsHasDataFetcher, getLogsOverviewDataFetcher } from './utils/logs_overview_fetchers';
-export class Plugin
- implements PluginClass {
+export class Plugin implements InfraClientPluginClass {
constructor(_context: PluginInitializerContext) {}
- setup(core: CoreSetup, pluginsSetup: ClientPluginsSetup) {
+ setup(core: InfraClientCoreSetup, pluginsSetup: InfraClientSetupDeps) {
registerFeatures(pluginsSetup.home);
pluginsSetup.triggers_actions_ui.alertTypeRegistry.register(createInventoryMetricAlertType());
pluginsSetup.triggers_actions_ui.alertTypeRegistry.register(getLogsAlertType());
pluginsSetup.triggers_actions_ui.alertTypeRegistry.register(createMetricThresholdAlertType());
+ if (pluginsSetup.observability) {
+ pluginsSetup.observability.dashboard.register({
+ appName: 'infra_logs',
+ hasData: getLogsHasDataFetcher(core.getStartServices),
+ fetchData: getLogsOverviewDataFetcher(core.getStartServices),
+ });
+ }
+
core.application.register({
id: 'logs',
title: i18n.translate('xpack.infra.logs.pluginTitle', {
@@ -43,20 +48,11 @@ export class Plugin
appRoute: '/app/logs',
category: DEFAULT_APP_CATEGORIES.observability,
mount: async (params: AppMountParameters) => {
+ // mount callback should not use setup dependencies, get start dependencies instead
const [coreStart, pluginsStart] = await core.getStartServices();
const { renderApp } = await import('./apps/logs_app');
- return renderApp(
- coreStart,
- {
- data: pluginsStart.data,
- dataEnhanced: pluginsSetup.dataEnhanced,
- home: pluginsSetup.home,
- triggers_actions_ui: pluginsStart.triggers_actions_ui,
- usageCollection: pluginsSetup.usageCollection,
- },
- params
- );
+ return renderApp(coreStart, pluginsStart, params);
},
});
@@ -70,20 +66,11 @@ export class Plugin
appRoute: '/app/metrics',
category: DEFAULT_APP_CATEGORIES.observability,
mount: async (params: AppMountParameters) => {
+ // mount callback should not use setup dependencies, get start dependencies instead
const [coreStart, pluginsStart] = await core.getStartServices();
const { renderApp } = await import('./apps/metrics_app');
- return renderApp(
- coreStart,
- {
- data: pluginsStart.data,
- dataEnhanced: pluginsSetup.dataEnhanced,
- home: pluginsSetup.home,
- triggers_actions_ui: pluginsStart.triggers_actions_ui,
- usageCollection: pluginsSetup.usageCollection,
- },
- params
- );
+ return renderApp(coreStart, pluginsStart, params);
},
});
@@ -102,7 +89,9 @@ export class Plugin
});
}
- start(core: CoreStart, _plugins: ClientPluginsStart) {
+ start(core: InfraClientCoreStart, _plugins: InfraClientStartDeps) {
registerStartSingleton(core);
}
+
+ stop() {}
}
diff --git a/x-pack/plugins/infra/public/types.ts b/x-pack/plugins/infra/public/types.ts
index 8181da3301c92..357f07265ac6e 100644
--- a/x-pack/plugins/infra/public/types.ts
+++ b/x-pack/plugins/infra/public/types.ts
@@ -4,22 +4,42 @@
* you may not use this file except in compliance with the Elastic License.
*/
+import { CoreSetup, CoreStart, Plugin as PluginClass } from 'kibana/public';
import { DataPublicPluginStart } from '../../../../src/plugins/data/public';
import { HomePublicPluginSetup } from '../../../../src/plugins/home/public';
-import { UsageCollectionSetup } from '../../../../src/plugins/usage_collection/public';
+import {
+ UsageCollectionSetup,
+ UsageCollectionStart,
+} from '../../../../src/plugins/usage_collection/public';
import { TriggersAndActionsUIPublicPluginSetup } from '../../../plugins/triggers_actions_ui/public';
-import { DataEnhancedSetup } from '../../data_enhanced/public';
+import { DataEnhancedSetup, DataEnhancedStart } from '../../data_enhanced/public';
+import { ObservabilityPluginSetup, ObservabilityPluginStart } from '../../observability/public';
-export interface ClientPluginsSetup {
+// Our own setup and start contract values
+export type InfraClientSetupExports = void;
+export type InfraClientStartExports = void;
+
+export interface InfraClientSetupDeps {
dataEnhanced: DataEnhancedSetup;
home: HomePublicPluginSetup;
+ observability: ObservabilityPluginSetup;
triggers_actions_ui: TriggersAndActionsUIPublicPluginSetup;
usageCollection: UsageCollectionSetup;
}
-export interface ClientPluginsStart {
+export interface InfraClientStartDeps {
data: DataPublicPluginStart;
+ dataEnhanced: DataEnhancedStart;
+ observability: ObservabilityPluginStart;
triggers_actions_ui: TriggersAndActionsUIPublicPluginSetup;
+ usageCollection: UsageCollectionStart;
}
-export type ClientPluginDeps = ClientPluginsSetup & ClientPluginsStart;
+export type InfraClientCoreSetup = CoreSetup;
+export type InfraClientCoreStart = CoreStart;
+export type InfraClientPluginClass = PluginClass<
+ InfraClientSetupExports,
+ InfraClientStartExports,
+ InfraClientSetupDeps,
+ InfraClientStartDeps
+>;
diff --git a/x-pack/plugins/infra/public/utils/logs_overview_fetchers.ts b/x-pack/plugins/infra/public/utils/logs_overview_fetchers.ts
new file mode 100644
index 0000000000000..46a0edf75b756
--- /dev/null
+++ b/x-pack/plugins/infra/public/utils/logs_overview_fetchers.ts
@@ -0,0 +1,93 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { InfraClientCoreSetup } from '../types';
+import { LogsFetchDataResponse } from '../../../observability/public';
+
+export function getLogsHasDataFetcher(getStartServices: InfraClientCoreSetup['getStartServices']) {
+ return async () => {
+ // if you need the data plugin, this is how you get it
+ // const [, startPlugins] = await getStartServices();
+ // const { data } = startPlugins;
+
+ // if you need a core dep, we need to pass in more than just getStartServices
+
+ // perform query
+ return true;
+ };
+}
+
+export function getLogsOverviewDataFetcher(
+ getStartServices: InfraClientCoreSetup['getStartServices']
+) {
+ return async (): Promise => {
+ // if you need the data plugin, this is how you get it
+ // const [, startPlugins] = await getStartServices();
+ // const { data } = startPlugins;
+
+ // if you need a core dep, we need to pass in more than just getStartServices
+
+ // perform query
+ return {
+ title: 'Log rate',
+ appLink: 'TBD', // TODO: what format should this be in, relative I assume?
+ stats: {
+ nginx: {
+ type: 'number',
+ label: 'nginx',
+ value: 345341,
+ },
+ 'elasticsearch.audit': {
+ type: 'number',
+ label: 'elasticsearch.audit',
+ value: 164929,
+ },
+ 'haproxy.log': {
+ type: 'number',
+ label: 'haproxy.log',
+ value: 51101,
+ },
+ },
+ // Note: My understanding is that these series coordinates will be
+ // combined into objects that look like:
+ // { x: timestamp, y: value, g: label (e.g. nginx) }
+ // so they fit the stacked bar chart API
+ // https://elastic.github.io/elastic-charts/?path=/story/bar-chart--stacked-with-axis-and-legend
+ series: {
+ nginx: {
+ label: 'nginx',
+ coordinates: [
+ { x: 1593000000000, y: 10014 },
+ { x: 1593000900000, y: 12827 },
+ { x: 1593001800000, y: 2946 },
+ { x: 1593002700000, y: 14298 },
+ { x: 1593003600000, y: 4096 },
+ ],
+ },
+ 'elasticsearch.audit': {
+ label: 'elasticsearch.audit',
+ coordinates: [
+ { x: 1593000000000, y: 5676 },
+ { x: 1593000900000, y: 6783 },
+ { x: 1593001800000, y: 2394 },
+ { x: 1593002700000, y: 4554 },
+ { x: 1593003600000, y: 5659 },
+ ],
+ },
+ 'haproxy.log': {
+ label: 'haproxy.log',
+ coordinates: [
+ { x: 1593000000000, y: 9085 },
+ { x: 1593000900000, y: 9002 },
+ { x: 1593001800000, y: 3940 },
+ { x: 1593002700000, y: 5451 },
+ { x: 1593003600000, y: 9133 },
+ ],
+ },
+ },
+ };
+ };
+}
diff --git a/x-pack/plugins/infra/server/lib/adapters/framework/adapter_types.ts b/x-pack/plugins/infra/server/lib/adapters/framework/adapter_types.ts
index 905b7dfa314bd..018e5098a4291 100644
--- a/x-pack/plugins/infra/server/lib/adapters/framework/adapter_types.ts
+++ b/x-pack/plugins/infra/server/lib/adapters/framework/adapter_types.ts
@@ -60,6 +60,7 @@ export interface InfraDatabaseSearchResponse
skipped: number;
failed: number;
};
+ timed_out: boolean;
aggregations?: Aggregations;
hits: {
total: {
diff --git a/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.test.ts b/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.test.ts
index a3b9e85458416..4f1e81e0b2c40 100644
--- a/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.test.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.test.ts
@@ -55,7 +55,7 @@ services.alertInstanceFactory.mockImplementation((instanceId: string) => {
* Helper functions
*/
function getAlertState(instanceId: string): AlertStates {
- const alert = alertInstances.get(instanceId);
+ const alert = alertInstances.get(`${instanceId}-*`);
if (alert) {
return alert.state.alertState;
} else {
@@ -73,11 +73,26 @@ const executor = (createLogThresholdExecutor('test', libsMock) as unknown) as (o
// Wrapper to test
type Comparison = [number, Comparator, number];
+
async function callExecutor(
[value, comparator, threshold]: Comparison,
criteria: Criterion[] = []
) {
- services.callCluster.mockImplementationOnce(async (..._) => ({ count: value }));
+ services.callCluster.mockImplementationOnce(async (..._) => ({
+ _shards: {
+ total: 1,
+ successful: 1,
+ skipped: 0,
+ failed: 0,
+ },
+ timed_out: false,
+ took: 123456789,
+ hits: {
+ total: {
+ value,
+ },
+ },
+ }));
return await executor({
services,
@@ -90,222 +105,427 @@ async function callExecutor(
});
}
-describe('Comparators trigger alerts correctly', () => {
- it('does not alert when counts do not reach the threshold', async () => {
- await callExecutor([0, Comparator.GT, 1]);
- expect(getAlertState('test')).toBe(AlertStates.OK);
+describe('Ungrouped alerts', () => {
+ describe('Comparators trigger alerts correctly', () => {
+ it('does not alert when counts do not reach the threshold', async () => {
+ await callExecutor([0, Comparator.GT, 1]);
+ expect(getAlertState('test')).toBe(AlertStates.OK);
- await callExecutor([0, Comparator.GT_OR_EQ, 1]);
- expect(getAlertState('test')).toBe(AlertStates.OK);
+ await callExecutor([0, Comparator.GT_OR_EQ, 1]);
+ expect(getAlertState('test')).toBe(AlertStates.OK);
- await callExecutor([1, Comparator.LT, 0]);
- expect(getAlertState('test')).toBe(AlertStates.OK);
+ await callExecutor([1, Comparator.LT, 0]);
+ expect(getAlertState('test')).toBe(AlertStates.OK);
- await callExecutor([1, Comparator.LT_OR_EQ, 0]);
- expect(getAlertState('test')).toBe(AlertStates.OK);
- });
+ await callExecutor([1, Comparator.LT_OR_EQ, 0]);
+ expect(getAlertState('test')).toBe(AlertStates.OK);
+ });
- it('alerts when counts reach the threshold', async () => {
- await callExecutor([2, Comparator.GT, 1]);
- expect(getAlertState('test')).toBe(AlertStates.ALERT);
+ it('alerts when counts reach the threshold', async () => {
+ await callExecutor([2, Comparator.GT, 1]);
+ expect(getAlertState('test')).toBe(AlertStates.ALERT);
- await callExecutor([1, Comparator.GT_OR_EQ, 1]);
- expect(getAlertState('test')).toBe(AlertStates.ALERT);
+ await callExecutor([1, Comparator.GT_OR_EQ, 1]);
+ expect(getAlertState('test')).toBe(AlertStates.ALERT);
- await callExecutor([1, Comparator.LT, 2]);
- expect(getAlertState('test')).toBe(AlertStates.ALERT);
+ await callExecutor([1, Comparator.LT, 2]);
+ expect(getAlertState('test')).toBe(AlertStates.ALERT);
- await callExecutor([2, Comparator.LT_OR_EQ, 2]);
- expect(getAlertState('test')).toBe(AlertStates.ALERT);
+ await callExecutor([2, Comparator.LT_OR_EQ, 2]);
+ expect(getAlertState('test')).toBe(AlertStates.ALERT);
+ });
});
-});
-describe('Comparators create the correct ES queries', () => {
- beforeEach(() => {
- services.callCluster.mockReset();
- });
+ describe('Comparators create the correct ES queries', () => {
+ beforeEach(() => {
+ services.callCluster.mockReset();
+ });
- it('Works with `Comparator.EQ`', async () => {
- await callExecutor(
- [2, Comparator.GT, 1], // Not relevant
- [{ field: 'foo', comparator: Comparator.EQ, value: 'bar' }]
- );
-
- const query = services.callCluster.mock.calls[0][1]!;
- expect(query.body).toMatchObject({
- query: {
- bool: {
- must: [{ term: { foo: { value: 'bar' } } }],
+ it('Works with `Comparator.EQ`', async () => {
+ await callExecutor(
+ [2, Comparator.GT, 1], // Not relevant
+ [{ field: 'foo', comparator: Comparator.EQ, value: 'bar' }]
+ );
+
+ const query = services.callCluster.mock.calls[0][1]!;
+
+ expect(query.body).toMatchObject({
+ track_total_hits: true,
+ query: {
+ bool: {
+ filter: [
+ {
+ range: {
+ '@timestamp': {
+ format: 'epoch_millis',
+ },
+ },
+ },
+ {
+ term: {
+ foo: {
+ value: 'bar',
+ },
+ },
+ },
+ ],
+ },
},
- },
+ size: 0,
+ });
});
- });
- it('works with `Comparator.NOT_EQ`', async () => {
- await callExecutor(
- [2, Comparator.GT, 1], // Not relevant
- [{ field: 'foo', comparator: Comparator.NOT_EQ, value: 'bar' }]
- );
-
- const query = services.callCluster.mock.calls[0][1]!;
- expect(query.body).toMatchObject({
- query: {
- bool: {
- must_not: [{ term: { foo: { value: 'bar' } } }],
+ it('works with `Comparator.NOT_EQ`', async () => {
+ await callExecutor(
+ [2, Comparator.GT, 1], // Not relevant
+ [{ field: 'foo', comparator: Comparator.NOT_EQ, value: 'bar' }]
+ );
+
+ const query = services.callCluster.mock.calls[0][1]!;
+
+ expect(query.body).toMatchObject({
+ track_total_hits: true,
+ query: {
+ bool: {
+ filter: [
+ {
+ range: {
+ '@timestamp': {
+ format: 'epoch_millis',
+ },
+ },
+ },
+ ],
+ must_not: [
+ {
+ term: {
+ foo: {
+ value: 'bar',
+ },
+ },
+ },
+ ],
+ },
},
- },
+ size: 0,
+ });
});
- });
- it('works with `Comparator.MATCH`', async () => {
- await callExecutor(
- [2, Comparator.GT, 1], // Not relevant
- [{ field: 'foo', comparator: Comparator.MATCH, value: 'bar' }]
- );
-
- const query = services.callCluster.mock.calls[0][1]!;
- expect(query.body).toMatchObject({
- query: {
- bool: {
- must: [{ match: { foo: 'bar' } }],
+ it('works with `Comparator.MATCH`', async () => {
+ await callExecutor(
+ [2, Comparator.GT, 1], // Not relevant
+ [{ field: 'foo', comparator: Comparator.MATCH, value: 'bar' }]
+ );
+
+ const query = services.callCluster.mock.calls[0][1]!;
+
+ expect(query.body).toMatchObject({
+ track_total_hits: true,
+ query: {
+ bool: {
+ filter: [
+ {
+ range: {
+ '@timestamp': {
+ format: 'epoch_millis',
+ },
+ },
+ },
+ {
+ match: {
+ foo: 'bar',
+ },
+ },
+ ],
+ },
},
- },
+ size: 0,
+ });
});
- });
- it('works with `Comparator.NOT_MATCH`', async () => {
- await callExecutor(
- [2, Comparator.GT, 1], // Not relevant
- [{ field: 'foo', comparator: Comparator.NOT_MATCH, value: 'bar' }]
- );
-
- const query = services.callCluster.mock.calls[0][1]!;
- expect(query.body).toMatchObject({
- query: {
- bool: {
- must_not: [{ match: { foo: 'bar' } }],
+ it('works with `Comparator.NOT_MATCH`', async () => {
+ await callExecutor(
+ [2, Comparator.GT, 1], // Not relevant
+ [{ field: 'foo', comparator: Comparator.NOT_MATCH, value: 'bar' }]
+ );
+
+ const query = services.callCluster.mock.calls[0][1]!;
+
+ expect(query.body).toMatchObject({
+ track_total_hits: true,
+ query: {
+ bool: {
+ filter: [
+ {
+ range: {
+ '@timestamp': {
+ format: 'epoch_millis',
+ },
+ },
+ },
+ ],
+ must_not: [
+ {
+ match: {
+ foo: 'bar',
+ },
+ },
+ ],
+ },
},
- },
+ size: 0,
+ });
});
- });
- it('works with `Comparator.MATCH_PHRASE`', async () => {
- await callExecutor(
- [2, Comparator.GT, 1], // Not relevant
- [{ field: 'foo', comparator: Comparator.MATCH_PHRASE, value: 'bar' }]
- );
-
- const query = services.callCluster.mock.calls[0][1]!;
- expect(query.body).toMatchObject({
- query: {
- bool: {
- must: [{ match_phrase: { foo: 'bar' } }],
+ it('works with `Comparator.MATCH_PHRASE`', async () => {
+ await callExecutor(
+ [2, Comparator.GT, 1], // Not relevant
+ [{ field: 'foo', comparator: Comparator.MATCH_PHRASE, value: 'bar' }]
+ );
+
+ const query = services.callCluster.mock.calls[0][1]!;
+
+ expect(query.body).toMatchObject({
+ track_total_hits: true,
+ query: {
+ bool: {
+ filter: [
+ {
+ range: {
+ '@timestamp': {
+ format: 'epoch_millis',
+ },
+ },
+ },
+ {
+ match_phrase: {
+ foo: 'bar',
+ },
+ },
+ ],
+ },
},
- },
+ size: 0,
+ });
});
- });
- it('works with `Comparator.NOT_MATCH_PHRASE`', async () => {
- await callExecutor(
- [2, Comparator.GT, 1], // Not relevant
- [{ field: 'foo', comparator: Comparator.NOT_MATCH_PHRASE, value: 'bar' }]
- );
-
- const query = services.callCluster.mock.calls[0][1]!;
- expect(query.body).toMatchObject({
- query: {
- bool: {
- must_not: [{ match_phrase: { foo: 'bar' } }],
+ it('works with `Comparator.NOT_MATCH_PHRASE`', async () => {
+ await callExecutor(
+ [2, Comparator.GT, 1], // Not relevant
+ [{ field: 'foo', comparator: Comparator.NOT_MATCH_PHRASE, value: 'bar' }]
+ );
+
+ const query = services.callCluster.mock.calls[0][1]!;
+
+ expect(query.body).toMatchObject({
+ track_total_hits: true,
+ query: {
+ bool: {
+ filter: [
+ {
+ range: {
+ '@timestamp': {
+ format: 'epoch_millis',
+ },
+ },
+ },
+ ],
+ must_not: [
+ {
+ match_phrase: {
+ foo: 'bar',
+ },
+ },
+ ],
+ },
},
- },
+ size: 0,
+ });
});
- });
- it('works with `Comparator.GT`', async () => {
- await callExecutor(
- [2, Comparator.GT, 1], // Not relevant
- [{ field: 'foo', comparator: Comparator.GT, value: 1 }]
- );
-
- const query = services.callCluster.mock.calls[0][1]!;
- expect(query.body).toMatchObject({
- query: {
- bool: {
- must: [{ range: { foo: { gt: 1 } } }],
+ it('works with `Comparator.GT`', async () => {
+ await callExecutor(
+ [2, Comparator.GT, 1], // Not relevant
+ [{ field: 'foo', comparator: Comparator.GT, value: 1 }]
+ );
+
+ const query = services.callCluster.mock.calls[0][1]!;
+
+ expect(query.body).toMatchObject({
+ track_total_hits: true,
+ query: {
+ bool: {
+ filter: [
+ {
+ range: {
+ '@timestamp': {
+ format: 'epoch_millis',
+ },
+ },
+ },
+ {
+ range: {
+ foo: {
+ gt: 1,
+ },
+ },
+ },
+ ],
+ },
},
- },
+ size: 0,
+ });
});
- });
- it('works with `Comparator.GT_OR_EQ`', async () => {
- await callExecutor(
- [2, Comparator.GT, 1], // Not relevant
- [{ field: 'foo', comparator: Comparator.GT_OR_EQ, value: 1 }]
- );
-
- const query = services.callCluster.mock.calls[0][1]!;
- expect(query.body).toMatchObject({
- query: {
- bool: {
- must: [{ range: { foo: { gte: 1 } } }],
+ it('works with `Comparator.GT_OR_EQ`', async () => {
+ await callExecutor(
+ [2, Comparator.GT, 1], // Not relevant
+ [{ field: 'foo', comparator: Comparator.GT_OR_EQ, value: 1 }]
+ );
+
+ const query = services.callCluster.mock.calls[0][1]!;
+
+ expect(query.body).toMatchObject({
+ track_total_hits: true,
+ query: {
+ bool: {
+ filter: [
+ {
+ range: {
+ '@timestamp': {
+ format: 'epoch_millis',
+ },
+ },
+ },
+ {
+ range: {
+ foo: {
+ gte: 1,
+ },
+ },
+ },
+ ],
+ },
},
- },
+ size: 0,
+ });
});
- });
- it('works with `Comparator.LT`', async () => {
- await callExecutor(
- [2, Comparator.GT, 1], // Not relevant
- [{ field: 'foo', comparator: Comparator.LT, value: 1 }]
- );
-
- const query = services.callCluster.mock.calls[0][1]!;
- expect(query.body).toMatchObject({
- query: {
- bool: {
- must: [{ range: { foo: { lt: 1 } } }],
+ it('works with `Comparator.LT`', async () => {
+ await callExecutor(
+ [2, Comparator.GT, 1], // Not relevant
+ [{ field: 'foo', comparator: Comparator.LT, value: 1 }]
+ );
+
+ const query = services.callCluster.mock.calls[0][1]!;
+
+ expect(query.body).toMatchObject({
+ track_total_hits: true,
+ query: {
+ bool: {
+ filter: [
+ {
+ range: {
+ '@timestamp': {
+ format: 'epoch_millis',
+ },
+ },
+ },
+ {
+ range: {
+ foo: {
+ lt: 1,
+ },
+ },
+ },
+ ],
+ },
},
- },
+ size: 0,
+ });
});
- });
- it('works with `Comparator.LT_OR_EQ`', async () => {
- await callExecutor(
- [2, Comparator.GT, 1], // Not relevant
- [{ field: 'foo', comparator: Comparator.LT_OR_EQ, value: 1 }]
- );
-
- const query = services.callCluster.mock.calls[0][1]!;
- expect(query.body).toMatchObject({
- query: {
- bool: {
- must: [{ range: { foo: { lte: 1 } } }],
+ it('works with `Comparator.LT_OR_EQ`', async () => {
+ await callExecutor(
+ [2, Comparator.GT, 1], // Not relevant
+ [{ field: 'foo', comparator: Comparator.LT_OR_EQ, value: 1 }]
+ );
+
+ const query = services.callCluster.mock.calls[0][1]!;
+
+ expect(query.body).toMatchObject({
+ track_total_hits: true,
+ query: {
+ bool: {
+ filter: [
+ {
+ range: {
+ '@timestamp': {
+ format: 'epoch_millis',
+ },
+ },
+ },
+ {
+ range: {
+ foo: {
+ lte: 1,
+ },
+ },
+ },
+ ],
+ },
},
- },
+ size: 0,
+ });
});
});
-});
-describe('Multiple criteria create the right ES query', () => {
- beforeEach(() => {
- services.callCluster.mockReset();
- });
- it('works', async () => {
- await callExecutor(
- [2, Comparator.GT, 1], // Not relevant
- [
- { field: 'foo', comparator: Comparator.EQ, value: 'bar' },
- { field: 'http.status', comparator: Comparator.LT, value: 400 },
- ]
- );
-
- const query = services.callCluster.mock.calls[0][1]!;
- expect(query.body).toMatchObject({
- query: {
- bool: {
- must: [{ term: { foo: { value: 'bar' } } }, { range: { 'http.status': { lt: 400 } } }],
+ describe('Multiple criteria create the right ES query', () => {
+ beforeEach(() => {
+ services.callCluster.mockReset();
+ });
+ it('works', async () => {
+ await callExecutor(
+ [2, Comparator.GT, 1], // Not relevant
+ [
+ { field: 'foo', comparator: Comparator.EQ, value: 'bar' },
+ { field: 'http.status', comparator: Comparator.LT, value: 400 },
+ ]
+ );
+
+ const query = services.callCluster.mock.calls[0][1]!;
+
+ expect(query.body).toMatchObject({
+ track_total_hits: true,
+ query: {
+ bool: {
+ filter: [
+ {
+ range: {
+ '@timestamp': {
+ format: 'epoch_millis',
+ },
+ },
+ },
+ {
+ term: {
+ foo: {
+ value: 'bar',
+ },
+ },
+ },
+ {
+ range: {
+ 'http.status': {
+ lt: 400,
+ },
+ },
+ },
+ ],
+ },
},
- },
+ size: 0,
+ });
});
});
});
diff --git a/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts b/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts
index ee4e1fcb3f6e2..a2fd01f859385 100644
--- a/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts
@@ -11,10 +11,19 @@ import {
Comparator,
LogDocumentCountAlertParams,
Criterion,
+ GroupedSearchQueryResponseRT,
+ UngroupedSearchQueryResponseRT,
+ UngroupedSearchQueryResponse,
+ GroupedSearchQueryResponse,
+ LogDocumentCountAlertParamsRT,
} from '../../../../common/alerting/logs/types';
import { InfraBackendLibs } from '../../infra_types';
import { getIntervalInSeconds } from '../../../utils/get_interval_in_seconds';
import { InfraSource } from '../../../../common/http_api/source_api';
+import { decodeOrThrow } from '../../../../common/runtime_types';
+
+const UNGROUPED_FACTORY_KEY = '*';
+const COMPOSITE_GROUP_SIZE = 40;
const checkValueAgainstComparatorMap: {
[key: string]: (a: number, b: number) => boolean;
@@ -25,37 +34,42 @@ const checkValueAgainstComparatorMap: {
[Comparator.LT_OR_EQ]: (a: number, b: number) => a <= b,
};
-export const createLogThresholdExecutor = (alertUUID: string, libs: InfraBackendLibs) =>
+export const createLogThresholdExecutor = (alertId: string, libs: InfraBackendLibs) =>
async function ({ services, params }: AlertExecutorOptions) {
- const { count, criteria } = params as LogDocumentCountAlertParams;
const { alertInstanceFactory, savedObjectsClient, callCluster } = services;
const { sources } = libs;
+ const { groupBy } = params;
const sourceConfiguration = await sources.getSourceConfiguration(savedObjectsClient, 'default');
const indexPattern = sourceConfiguration.configuration.logAlias;
-
- const alertInstance = alertInstanceFactory(alertUUID);
+ const alertInstance = alertInstanceFactory(alertId);
try {
- const query = getESQuery(
- params as LogDocumentCountAlertParams,
- sourceConfiguration.configuration
- );
- const result = await getResults(query, indexPattern, callCluster);
-
- if (checkValueAgainstComparatorMap[count.comparator](result.count, count.value)) {
- alertInstance.scheduleActions(FIRED_ACTIONS.id, {
- matchingDocuments: result.count,
- conditions: createConditionsMessage(criteria),
- });
-
- alertInstance.replaceState({
- alertState: AlertStates.ALERT,
- });
+ const validatedParams = decodeOrThrow(LogDocumentCountAlertParamsRT)(params);
+
+ const query =
+ groupBy && groupBy.length > 0
+ ? getGroupedESQuery(validatedParams, sourceConfiguration.configuration, indexPattern)
+ : getUngroupedESQuery(validatedParams, sourceConfiguration.configuration, indexPattern);
+
+ if (!query) {
+ throw new Error('ES query could not be built from the provided alert params');
+ }
+
+ if (groupBy && groupBy.length > 0) {
+ processGroupByResults(
+ await getGroupedResults(query, callCluster),
+ validatedParams,
+ alertInstanceFactory,
+ alertId
+ );
} else {
- alertInstance.replaceState({
- alertState: AlertStates.OK,
- });
+ processUngroupedResults(
+ await getUngroupedResults(query, callCluster),
+ validatedParams,
+ alertInstanceFactory,
+ alertId
+ );
}
} catch (e) {
alertInstance.replaceState({
@@ -66,27 +80,82 @@ export const createLogThresholdExecutor = (alertUUID: string, libs: InfraBackend
}
};
-const getESQuery = (
+const processUngroupedResults = (
+ results: UngroupedSearchQueryResponse,
params: LogDocumentCountAlertParams,
- sourceConfiguration: InfraSource['configuration']
-): object => {
+ alertInstanceFactory: AlertExecutorOptions['services']['alertInstanceFactory'],
+ alertId: string
+) => {
+ const { count, criteria } = params;
+
+ const alertInstance = alertInstanceFactory(`${alertId}-${UNGROUPED_FACTORY_KEY}`);
+ const documentCount = results.hits.total.value;
+
+ if (checkValueAgainstComparatorMap[count.comparator](documentCount, count.value)) {
+ alertInstance.scheduleActions(FIRED_ACTIONS.id, {
+ matchingDocuments: documentCount,
+ conditions: createConditionsMessage(criteria),
+ group: null,
+ });
+
+ alertInstance.replaceState({
+ alertState: AlertStates.ALERT,
+ });
+ } else {
+ alertInstance.replaceState({
+ alertState: AlertStates.OK,
+ });
+ }
+};
+
+interface ReducedGroupByResults {
+ name: string;
+ documentCount: number;
+}
+
+const processGroupByResults = (
+ results: GroupedSearchQueryResponse['aggregations']['groups']['buckets'],
+ params: LogDocumentCountAlertParams,
+ alertInstanceFactory: AlertExecutorOptions['services']['alertInstanceFactory'],
+ alertId: string
+) => {
+ const { count, criteria } = params;
+
+ const groupResults = results.reduce((acc, groupBucket) => {
+ const groupName = Object.values(groupBucket.key).join(', ');
+ const groupResult = { name: groupName, documentCount: groupBucket.filtered_results.doc_count };
+ return [...acc, groupResult];
+ }, []);
+
+ groupResults.forEach((group) => {
+ const alertInstance = alertInstanceFactory(`${alertId}-${group.name}`);
+ const documentCount = group.documentCount;
+
+ if (checkValueAgainstComparatorMap[count.comparator](documentCount, count.value)) {
+ alertInstance.scheduleActions(FIRED_ACTIONS.id, {
+ matchingDocuments: documentCount,
+ conditions: createConditionsMessage(criteria),
+ group: group.name,
+ });
+
+ alertInstance.replaceState({
+ alertState: AlertStates.ALERT,
+ });
+ } else {
+ alertInstance.replaceState({
+ alertState: AlertStates.OK,
+ });
+ }
+ });
+};
+
+const buildFiltersFromCriteria = (params: LogDocumentCountAlertParams, timestampField: string) => {
const { timeSize, timeUnit, criteria } = params;
const interval = `${timeSize}${timeUnit}`;
const intervalAsSeconds = getIntervalInSeconds(interval);
+ const intervalAsMs = intervalAsSeconds * 1000;
const to = Date.now();
- const from = to - intervalAsSeconds * 1000;
-
- const rangeFilters = [
- {
- range: {
- [sourceConfiguration.fields.timestamp]: {
- gte: from,
- lte: to,
- format: 'epoch_millis',
- },
- },
- },
- ];
+ const from = to - intervalAsMs;
const positiveComparators = getPositiveComparators();
const negativeComparators = getNegativeComparators();
@@ -101,17 +170,121 @@ const getESQuery = (
// Negative assertions (things that "must not" match)
const mustNotFilters = buildFiltersForCriteria(negativeCriteria);
- const query = {
+ const rangeFilter = {
+ range: {
+ [timestampField]: {
+ gte: from,
+ lte: to,
+ format: 'epoch_millis',
+ },
+ },
+ };
+
+ // For group by scenarios we'll pad the time range by 1 x the interval size on the left (lte) and right (gte), this is so
+ // a wider net is cast to "capture" the groups. This is to account for scenarios where we want ascertain if
+ // there were "no documents" (less than 1 for example). In these cases we may be missing documents to build the groups
+ // and match / not match the criteria.
+ const groupedRangeFilter = {
+ range: {
+ [timestampField]: {
+ gte: from - intervalAsMs,
+ lte: to + intervalAsMs,
+ format: 'epoch_millis',
+ },
+ },
+ };
+
+ return { rangeFilter, groupedRangeFilter, mustFilters, mustNotFilters };
+};
+
+const getGroupedESQuery = (
+ params: LogDocumentCountAlertParams,
+ sourceConfiguration: InfraSource['configuration'],
+ index: string
+): object | undefined => {
+ const { groupBy } = params;
+
+ if (!groupBy || !groupBy.length) {
+ return;
+ }
+
+ const timestampField = sourceConfiguration.fields.timestamp;
+
+ const { rangeFilter, groupedRangeFilter, mustFilters, mustNotFilters } = buildFiltersFromCriteria(
+ params,
+ timestampField
+ );
+
+ const aggregations = {
+ groups: {
+ composite: {
+ size: COMPOSITE_GROUP_SIZE,
+ sources: groupBy.map((field, groupIndex) => ({
+ [`group-${groupIndex}-${field}`]: {
+ terms: { field },
+ },
+ })),
+ },
+ aggregations: {
+ filtered_results: {
+ filter: {
+ bool: {
+ // Scope the inner filtering back to the unpadded range
+ filter: [rangeFilter, ...mustFilters],
+ },
+ },
+ },
+ },
+ },
+ };
+
+ const body = {
query: {
bool: {
- filter: [...rangeFilters],
- ...(mustFilters.length > 0 && { must: mustFilters }),
+ filter: [groupedRangeFilter],
...(mustNotFilters.length > 0 && { must_not: mustNotFilters }),
},
},
+ aggregations,
+ size: 0,
};
- return query;
+ return {
+ index,
+ allowNoIndices: true,
+ ignoreUnavailable: true,
+ body,
+ };
+};
+
+const getUngroupedESQuery = (
+ params: LogDocumentCountAlertParams,
+ sourceConfiguration: InfraSource['configuration'],
+ index: string
+): object => {
+ const { rangeFilter, mustFilters, mustNotFilters } = buildFiltersFromCriteria(
+ params,
+ sourceConfiguration.fields.timestamp
+ );
+
+ const body = {
+ // Ensure we accurately track the hit count for the ungrouped case, otherwise we can only ensure accuracy up to 10,000.
+ track_total_hits: true,
+ query: {
+ bool: {
+ filter: [rangeFilter, ...mustFilters],
+ ...(mustNotFilters.length > 0 && { must_not: mustNotFilters }),
+ },
+ },
+ size: 0,
+ };
+
+ return {
+ index,
+ allowNoIndices: true,
+ ignoreUnavailable: true,
+ body,
+ };
};
type SupportedESQueryTypes = 'term' | 'match' | 'match_phrase' | 'range';
@@ -145,7 +318,6 @@ const buildCriterionQuery = (criterion: Criterion): Filter | undefined => {
},
},
};
- break;
case 'match': {
return {
match: {
@@ -221,15 +393,31 @@ const getQueryMappingForComparator = (comparator: Comparator) => {
return queryMappings[comparator];
};
-const getResults = async (
- query: object,
- index: string,
- callCluster: AlertServices['callCluster']
-) => {
- return await callCluster('count', {
- body: query,
- index,
- });
+const getUngroupedResults = async (query: object, callCluster: AlertServices['callCluster']) => {
+ return decodeOrThrow(UngroupedSearchQueryResponseRT)(await callCluster('search', query));
+};
+
+const getGroupedResults = async (query: object, callCluster: AlertServices['callCluster']) => {
+ let compositeGroupBuckets: GroupedSearchQueryResponse['aggregations']['groups']['buckets'] = [];
+ let lastAfterKey: GroupedSearchQueryResponse['aggregations']['groups']['after_key'] | undefined;
+
+ while (true) {
+ const queryWithAfterKey: any = { ...query };
+ queryWithAfterKey.body.aggregations.groups.composite.after = lastAfterKey;
+ const groupResponse: GroupedSearchQueryResponse = decodeOrThrow(GroupedSearchQueryResponseRT)(
+ await callCluster('search', queryWithAfterKey)
+ );
+ compositeGroupBuckets = [
+ ...compositeGroupBuckets,
+ ...groupResponse.aggregations.groups.buckets,
+ ];
+ lastAfterKey = groupResponse.aggregations.groups.after_key;
+ if (groupResponse.aggregations.groups.buckets.length < COMPOSITE_GROUP_SIZE) {
+ break;
+ }
+ }
+
+ return compositeGroupBuckets;
};
const createConditionsMessage = (criteria: LogDocumentCountAlertParams['criteria']) => {
diff --git a/x-pack/plugins/infra/server/lib/alerting/log_threshold/register_log_threshold_alert_type.ts b/x-pack/plugins/infra/server/lib/alerting/log_threshold/register_log_threshold_alert_type.ts
index ed7e82fe29e4c..43c298019b632 100644
--- a/x-pack/plugins/infra/server/lib/alerting/log_threshold/register_log_threshold_alert_type.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/log_threshold/register_log_threshold_alert_type.ts
@@ -28,6 +28,13 @@ const conditionsActionVariableDescription = i18n.translate(
}
);
+const groupByActionVariableDescription = i18n.translate(
+ 'xpack.infra.logs.alerting.threshold.groupByActionVariableDescription',
+ {
+ defaultMessage: 'The name of the group responsible for triggering the alert',
+ }
+);
+
const countSchema = schema.object({
value: schema.number(),
comparator: schema.oneOf([
@@ -75,6 +82,7 @@ export async function registerLogThresholdAlertType(
criteria: schema.arrayOf(criteriaSchema),
timeUnit: schema.string(),
timeSize: schema.number(),
+ groupBy: schema.maybe(schema.arrayOf(schema.string())),
}),
},
defaultActionGroupId: FIRED_ACTIONS.id,
@@ -84,6 +92,7 @@ export async function registerLogThresholdAlertType(
context: [
{ name: 'matchingDocuments', description: documentCountActionVariableDescription },
{ name: 'conditions', description: conditionsActionVariableDescription },
+ { name: 'group', description: groupByActionVariableDescription },
],
},
producer: 'logs',
diff --git a/x-pack/plugins/ingest_manager/server/saved_objects/index.ts b/x-pack/plugins/ingest_manager/server/saved_objects/index.ts
index 470b808420136..1d412937e244f 100644
--- a/x-pack/plugins/ingest_manager/server/saved_objects/index.ts
+++ b/x-pack/plugins/ingest_manager/server/saved_objects/index.ts
@@ -65,9 +65,9 @@ const savedObjectTypes: { [key: string]: SavedObjectsType } = {
config_revision: { type: 'integer' },
config_newest_revision: { type: 'integer' },
default_api_key_id: { type: 'keyword' },
- default_api_key: { type: 'keyword' },
+ default_api_key: { type: 'binary', index: false },
updated_at: { type: 'date' },
- current_error_events: { type: 'text' },
+ current_error_events: { type: 'text', index: false },
packages: { type: 'keyword' },
},
},
@@ -83,7 +83,7 @@ const savedObjectTypes: { [key: string]: SavedObjectsType } = {
properties: {
agent_id: { type: 'keyword' },
type: { type: 'keyword' },
- data: { type: 'binary' },
+ data: { type: 'binary', index: false },
sent_at: { type: 'date' },
created_at: { type: 'date' },
},
@@ -130,7 +130,7 @@ const savedObjectTypes: { [key: string]: SavedObjectsType } = {
updated_at: { type: 'date' },
updated_by: { type: 'keyword' },
revision: { type: 'integer' },
- monitoring_enabled: { type: 'keyword' },
+ monitoring_enabled: { type: 'keyword', index: false },
},
},
migrations: {
@@ -148,7 +148,7 @@ const savedObjectTypes: { [key: string]: SavedObjectsType } = {
properties: {
name: { type: 'keyword' },
type: { type: 'keyword' },
- api_key: { type: 'binary' },
+ api_key: { type: 'binary', index: false },
api_key_id: { type: 'keyword' },
config_id: { type: 'keyword' },
created_at: { type: 'date' },
@@ -171,9 +171,9 @@ const savedObjectTypes: { [key: string]: SavedObjectsType } = {
type: { type: 'keyword' },
is_default: { type: 'boolean' },
hosts: { type: 'keyword' },
- ca_sha256: { type: 'keyword' },
- fleet_enroll_username: { type: 'binary' },
- fleet_enroll_password: { type: 'binary' },
+ ca_sha256: { type: 'keyword', index: false },
+ fleet_enroll_username: { type: 'binary', index: false },
+ fleet_enroll_password: { type: 'binary', index: false },
config: { type: 'flattened' },
},
},
@@ -202,6 +202,7 @@ const savedObjectTypes: { [key: string]: SavedObjectsType } = {
output_id: { type: 'keyword' },
inputs: {
type: 'nested',
+ enabled: false,
properties: {
type: { type: 'keyword' },
enabled: { type: 'boolean' },
diff --git a/x-pack/plugins/ingest_manager/server/services/setup.ts b/x-pack/plugins/ingest_manager/server/services/setup.ts
index 7a81a1db84b60..9cf1e5b368385 100644
--- a/x-pack/plugins/ingest_manager/server/services/setup.ts
+++ b/x-pack/plugins/ingest_manager/server/services/setup.ts
@@ -30,70 +30,93 @@ import { appContextService } from './app_context';
const FLEET_ENROLL_USERNAME = 'fleet_enroll';
const FLEET_ENROLL_ROLE = 'fleet_enroll';
+// the promise which tracks the setup
+let setupIngestStatus: Promise | undefined;
+// default resolve & reject to guard against "undefined is not a function" errors
+let onSetupResolve = () => {};
+let onSetupReject = (error: Error) => {};
+
export async function setupIngestManager(
soClient: SavedObjectsClientContract,
callCluster: CallESAsCurrentUser
) {
- const [installedPackages, defaultOutput, config] = await Promise.all([
- // packages installed by default
- ensureInstalledDefaultPackages(soClient, callCluster),
- outputService.ensureDefaultOutput(soClient),
- agentConfigService.ensureDefaultAgentConfig(soClient),
- ensureDefaultIndices(callCluster),
- settingsService.getSettings(soClient).catch((e: any) => {
- if (e.isBoom && e.output.statusCode === 404) {
- const http = appContextService.getHttpSetup();
- const serverInfo = http.getServerInfo();
- const basePath = http.basePath;
-
- const cloud = appContextService.getCloud();
- const cloudId = cloud?.isCloudEnabled && cloud.cloudId;
- const cloudUrl = cloudId && decodeCloudId(cloudId)?.kibanaUrl;
- const flagsUrl = appContextService.getConfig()?.fleet?.kibana?.host;
- const defaultUrl = url.format({
- protocol: serverInfo.protocol,
- hostname: serverInfo.host,
- port: serverInfo.port,
- pathname: basePath.serverBasePath,
- });
-
- return settingsService.saveSettings(soClient, {
- agent_auto_upgrade: true,
- package_auto_upgrade: true,
- kibana_url: cloudUrl || flagsUrl || defaultUrl,
- });
- }
-
- return Promise.reject(e);
- }),
- ]);
-
- // ensure default packages are added to the default conifg
- const configWithDatasource = await agentConfigService.get(soClient, config.id, true);
- if (!configWithDatasource) {
- throw new Error('Config not found');
- }
- if (
- configWithDatasource.datasources.length &&
- typeof configWithDatasource.datasources[0] === 'string'
- ) {
- throw new Error('Config not found');
+ // installation in progress
+ if (setupIngestStatus) {
+ await setupIngestStatus;
+ } else {
+ // create the initial promise
+ setupIngestStatus = new Promise((res, rej) => {
+ onSetupResolve = res;
+ onSetupReject = rej;
+ });
}
- for (const installedPackage of installedPackages) {
- const packageShouldBeInstalled = DEFAULT_AGENT_CONFIGS_PACKAGES.some(
- (packageName) => installedPackage.name === packageName
- );
- if (!packageShouldBeInstalled) {
- continue;
+ try {
+ const [installedPackages, defaultOutput, config] = await Promise.all([
+ // packages installed by default
+ ensureInstalledDefaultPackages(soClient, callCluster),
+ outputService.ensureDefaultOutput(soClient),
+ agentConfigService.ensureDefaultAgentConfig(soClient),
+ ensureDefaultIndices(callCluster),
+ settingsService.getSettings(soClient).catch((e: any) => {
+ if (e.isBoom && e.output.statusCode === 404) {
+ const http = appContextService.getHttpSetup();
+ const serverInfo = http.getServerInfo();
+ const basePath = http.basePath;
+
+ const cloud = appContextService.getCloud();
+ const cloudId = cloud?.isCloudEnabled && cloud.cloudId;
+ const cloudUrl = cloudId && decodeCloudId(cloudId)?.kibanaUrl;
+ const flagsUrl = appContextService.getConfig()?.fleet?.kibana?.host;
+ const defaultUrl = url.format({
+ protocol: serverInfo.protocol,
+ hostname: serverInfo.host,
+ port: serverInfo.port,
+ pathname: basePath.serverBasePath,
+ });
+
+ return settingsService.saveSettings(soClient, {
+ agent_auto_upgrade: true,
+ package_auto_upgrade: true,
+ kibana_url: cloudUrl || flagsUrl || defaultUrl,
+ });
+ }
+
+ return Promise.reject(e);
+ }),
+ ]);
+
+ // ensure default packages are added to the default conifg
+ const configWithDatasource = await agentConfigService.get(soClient, config.id, true);
+ if (!configWithDatasource) {
+ throw new Error('Config not found');
}
+ if (
+ configWithDatasource.datasources.length &&
+ typeof configWithDatasource.datasources[0] === 'string'
+ ) {
+ throw new Error('Config not found');
+ }
+ for (const installedPackage of installedPackages) {
+ const packageShouldBeInstalled = DEFAULT_AGENT_CONFIGS_PACKAGES.some(
+ (packageName) => installedPackage.name === packageName
+ );
+ if (!packageShouldBeInstalled) {
+ continue;
+ }
- const isInstalled = configWithDatasource.datasources.some((d: Datasource | string) => {
- return typeof d !== 'string' && d.package?.name === installedPackage.name;
- });
-
- if (!isInstalled) {
- await addPackageToConfig(soClient, installedPackage, configWithDatasource, defaultOutput);
+ const isInstalled = configWithDatasource.datasources.some((d: Datasource | string) => {
+ return typeof d !== 'string' && d.package?.name === installedPackage.name;
+ });
+ if (!isInstalled) {
+ await addPackageToConfig(soClient, installedPackage, configWithDatasource, defaultOutput);
+ }
}
+
+ // if everything works, resolve/succeed
+ onSetupResolve();
+ } catch (error) {
+ // if anything errors, reject/fail
+ onSetupReject(error);
}
}
@@ -135,7 +158,7 @@ export async function setupFleet(
},
});
- await outputService.invalidateCache();
+ outputService.invalidateCache();
// save fleet admin user
const defaultOutputId = await outputService.getDefaultOutputId(soClient);
diff --git a/x-pack/plugins/maps/public/classes/layers/solution_layers/security/security_index_pattern_utils.ts b/x-pack/plugins/maps/public/classes/layers/solution_layers/security/security_index_pattern_utils.ts
index 141b9133505b7..6ba27322757bf 100644
--- a/x-pack/plugins/maps/public/classes/layers/solution_layers/security/security_index_pattern_utils.ts
+++ b/x-pack/plugins/maps/public/classes/layers/solution_layers/security/security_index_pattern_utils.ts
@@ -6,9 +6,6 @@
/* eslint-disable @typescript-eslint/consistent-type-definitions */
import minimatch from 'minimatch';
-import { SimpleSavedObject } from 'src/core/public';
-// eslint-disable-next-line @kbn/eslint/no-restricted-paths
-import { IndexPatternSavedObjectAttrs } from 'src/plugins/data/common/index_patterns/index_patterns/index_patterns';
import { getIndexPatternService, getUiSettings } from '../../../../kibana_services';
export type IndexPatternMeta = {
@@ -29,13 +26,13 @@ export async function getSecurityIndexPatterns(): Promise {
const indexPatternCache = await getIndexPatternService().getCache();
return indexPatternCache!
- .filter((savedObject: SimpleSavedObject) => {
+ .filter((savedObject) => {
return (securityIndexPatternTitles as string[]).some((indexPatternTitle) => {
// glob matching index pattern title
return minimatch(indexPatternTitle, savedObject?.attributes?.title);
});
})
- .map((savedObject: SimpleSavedObject) => {
+ .map((savedObject) => {
return {
id: savedObject.id,
title: savedObject.attributes.title,
diff --git a/x-pack/plugins/maps/server/plugin.ts b/x-pack/plugins/maps/server/plugin.ts
index 60f3a9b68202c..dbcce50ac2b9a 100644
--- a/x-pack/plugins/maps/server/plugin.ts
+++ b/x-pack/plugins/maps/server/plugin.ts
@@ -15,7 +15,7 @@ import { getFlightsSavedObjects } from './sample_data/flights_saved_objects.js';
import { getWebLogsSavedObjects } from './sample_data/web_logs_saved_objects.js';
import { registerMapsUsageCollector } from './maps_telemetry/collectors/register';
import { APP_ID, APP_ICON, MAP_SAVED_OBJECT_TYPE, getExistingMapPath } from '../common/constants';
-import { mapSavedObjects } from './saved_objects';
+import { mapSavedObjects, mapsTelemetrySavedObjects } from './saved_objects';
import { MapsXPackConfig } from '../config';
// @ts-ignore
import { setInternalRepository } from './kibana_server_services';
@@ -191,6 +191,7 @@ export class MapsPlugin implements Plugin {
},
});
+ core.savedObjects.registerType(mapsTelemetrySavedObjects);
core.savedObjects.registerType(mapSavedObjects);
registerMapsUsageCollector(usageCollection, currentConfig);
diff --git a/x-pack/plugins/maps/server/saved_objects/index.ts b/x-pack/plugins/maps/server/saved_objects/index.ts
index 804d720a13ab0..c4b779183a2de 100644
--- a/x-pack/plugins/maps/server/saved_objects/index.ts
+++ b/x-pack/plugins/maps/server/saved_objects/index.ts
@@ -3,4 +3,5 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
+export { mapsTelemetrySavedObjects } from './maps_telemetry';
export { mapSavedObjects } from './map';
diff --git a/x-pack/plugins/maps/server/saved_objects/maps_telemetry.ts b/x-pack/plugins/maps/server/saved_objects/maps_telemetry.ts
new file mode 100644
index 0000000000000..c0d36983f65cd
--- /dev/null
+++ b/x-pack/plugins/maps/server/saved_objects/maps_telemetry.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { SavedObjectsType } from 'src/core/server';
+
+/*
+ * The maps-telemetry saved object type isn't used, but in order to remove these fields from
+ * the mappings we register this type with `type: 'object', enabled: true` to remove all
+ * previous fields from the mappings until https://github.com/elastic/kibana/issues/67086 is
+ * solved.
+ */
+export const mapsTelemetrySavedObjects: SavedObjectsType = {
+ name: 'maps-telemetry',
+ hidden: false,
+ namespaceType: 'agnostic',
+ mappings: {
+ // @ts-ignore Core types don't support this since it's only really valid when removing a previously registered type
+ type: 'object',
+ enabled: false,
+ },
+};
diff --git a/x-pack/plugins/ml/public/application/app.tsx b/x-pack/plugins/ml/public/application/app.tsx
index 3df176ff25cb4..9539d530bab04 100644
--- a/x-pack/plugins/ml/public/application/app.tsx
+++ b/x-pack/plugins/ml/public/application/app.tsx
@@ -80,11 +80,11 @@ export const renderApp = (
deps.kibanaLegacy.loadFontAwesome();
- const mlLicense = setLicenseCache(deps.licensing);
-
appMountParams.onAppLeave((actions) => actions.default());
- ReactDOM.render(, appMountParams.element);
+ const mlLicense = setLicenseCache(deps.licensing, [
+ () => ReactDOM.render(, appMountParams.element),
+ ]);
return () => {
mlLicense.unsubscribe();
diff --git a/x-pack/plugins/ml/public/application/components/anomalies_table/anomaly_details.js b/x-pack/plugins/ml/public/application/components/anomalies_table/anomaly_details.js
index edc1790b3adac..7b979d74a329c 100644
--- a/x-pack/plugins/ml/public/application/components/anomalies_table/anomaly_details.js
+++ b/x-pack/plugins/ml/public/application/components/anomalies_table/anomaly_details.js
@@ -279,7 +279,7 @@ export class AnomalyDetails extends Component {
),
},
{
- id: 'Category examples',
+ id: 'category-examples',
name: i18n.translate('xpack.ml.anomaliesTable.anomalyDetails.categoryExamplesTitle', {
defaultMessage: 'Category examples',
}),
diff --git a/x-pack/plugins/ml/public/application/components/anomalies_table/anomaly_details.test.js b/x-pack/plugins/ml/public/application/components/anomalies_table/anomaly_details.test.js
index 9fd1ffc3b637f..78c036eac1903 100644
--- a/x-pack/plugins/ml/public/application/components/anomalies_table/anomaly_details.test.js
+++ b/x-pack/plugins/ml/public/application/components/anomalies_table/anomaly_details.test.js
@@ -67,7 +67,7 @@ describe('AnomalyDetails', () => {
tabIndex: 1,
};
const wrapper = shallowWithIntl();
- expect(wrapper.prop('initialSelectedTab').id).toBe('Category examples');
+ expect(wrapper.prop('initialSelectedTab').id).toBe('category-examples');
});
test('Renders with terms and regex when definition prop is not undefined', () => {
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/page.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/page.tsx
index ff718277a88a7..e821428890046 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/page.tsx
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/page.tsx
@@ -149,13 +149,13 @@ export const Page: FC = ({ jobId }) => {
{jobId === undefined && (
)}
{jobId !== undefined && (
)}
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/use_create_analytics_form.ts b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/use_create_analytics_form.ts
index 2de9a1dcadd4b..f95d2f572a406 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/use_create_analytics_form.ts
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/use_create_analytics_form.ts
@@ -8,7 +8,6 @@ import { useReducer } from 'react';
import { i18n } from '@kbn/i18n';
-import { SimpleSavedObject } from 'kibana/public';
import { getErrorMessage } from '../../../../../../../common/util/errors';
import { DeepReadonly } from '../../../../../../../common/types/common';
import { ml } from '../../../../../services/ml_api_service';
@@ -235,7 +234,7 @@ export const useCreateAnalyticsForm = (): CreateAnalyticsFormProps => {
// Set the index pattern titles which the user can choose as the source.
const indexPatternsMap: SourceIndexMap = {};
const savedObjects = (await mlContext.indexPatterns.getCache()) || [];
- savedObjects.forEach((obj: SimpleSavedObject>) => {
+ savedObjects.forEach((obj) => {
const title = obj?.attributes?.title;
if (title !== undefined) {
const id = obj?.id || '';
diff --git a/x-pack/plugins/ml/public/application/license/check_license.tsx b/x-pack/plugins/ml/public/application/license/check_license.tsx
index 3584ee8fbee4b..583eec7d75414 100644
--- a/x-pack/plugins/ml/public/application/license/check_license.tsx
+++ b/x-pack/plugins/ml/public/application/license/check_license.tsx
@@ -5,6 +5,7 @@
*/
import { LicensingPluginSetup } from '../../../../licensing/public';
+import { MlLicense } from '../../../common/license';
import { MlClientLicense } from './ml_client_license';
let mlLicense: MlClientLicense | null = null;
@@ -16,9 +17,12 @@ let mlLicense: MlClientLicense | null = null;
* @param {LicensingPluginSetup} licensingSetup
* @returns {MlClientLicense}
*/
-export function setLicenseCache(licensingSetup: LicensingPluginSetup) {
+export function setLicenseCache(
+ licensingSetup: LicensingPluginSetup,
+ postInitFunctions?: Array<(lic: MlLicense) => void>
+) {
mlLicense = new MlClientLicense();
- mlLicense.setup(licensingSetup.license$);
+ mlLicense.setup(licensingSetup.license$, postInitFunctions);
return mlLicense;
}
diff --git a/x-pack/plugins/ml/public/application/license/ml_client_license.test.ts b/x-pack/plugins/ml/public/application/license/ml_client_license.test.ts
new file mode 100644
index 0000000000000..b37d7cfaa00aa
--- /dev/null
+++ b/x-pack/plugins/ml/public/application/license/ml_client_license.test.ts
@@ -0,0 +1,59 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { Observable, Subject } from 'rxjs';
+import { ILicense } from '../../../../licensing/common/types';
+
+import { MlClientLicense } from './ml_client_license';
+
+describe('MlClientLicense', () => {
+ test('should miss the license update when initialized without postInitFunction', () => {
+ const mlLicense = new MlClientLicense();
+
+ // upon instantiation the full license doesn't get set
+ expect(mlLicense.isFullLicense()).toBe(false);
+
+ const license$ = new Subject();
+
+ mlLicense.setup(license$ as Observable);
+
+ // if the observable wasn't triggered the full license is still not set
+ expect(mlLicense.isFullLicense()).toBe(false);
+
+ license$.next({
+ check: () => ({ state: 'valid' }),
+ getFeature: () => ({ isEnabled: true }),
+ status: 'valid',
+ });
+
+ // once the observable triggered the license should be set
+ expect(mlLicense.isFullLicense()).toBe(true);
+ });
+
+ test('should not miss the license update when initialized with postInitFunction', (done) => {
+ const mlLicense = new MlClientLicense();
+
+ // upon instantiation the full license doesn't get set
+ expect(mlLicense.isFullLicense()).toBe(false);
+
+ const license$ = new Subject();
+
+ mlLicense.setup(license$ as Observable, [
+ (license) => {
+ // when passed in via postInitFunction callback, the license should be valid
+ // even if the license$ observable gets triggered after this setup.
+ expect(license.isFullLicense()).toBe(true);
+ done();
+ },
+ ]);
+
+ license$.next({
+ check: () => ({ state: 'valid' }),
+ getFeature: () => ({ isEnabled: true }),
+ status: 'valid',
+ });
+ });
+});
diff --git a/x-pack/plugins/observability/public/data_handler.ts b/x-pack/plugins/observability/public/data_handler.ts
index 65f2c52a4e320..39e702a332a8e 100644
--- a/x-pack/plugins/observability/public/data_handler.ts
+++ b/x-pack/plugins/observability/public/data_handler.ts
@@ -4,29 +4,9 @@
* you may not use this file except in compliance with the Elastic License.
*/
-import { ObservabilityFetchDataResponse, FetchDataResponse } from './typings/fetch_data_response';
+import { DataHandler } from './typings/fetch_overview_data';
import { ObservabilityApp } from '../typings/common';
-export interface FetchDataParams {
- // The start timestamp in milliseconds of the queried time interval
- startTime: string;
- // The end timestamp in milliseconds of the queried time interval
- endTime: string;
- // The aggregation bucket size in milliseconds if applicable to the data source
- bucketSize: string;
-}
-
-export type FetchData = (
- fetchDataParams: FetchDataParams
-) => Promise;
-
-export type HasData = () => Promise;
-
-interface DataHandler {
- fetchData: FetchData;
- hasData: HasData;
-}
-
const dataHandlers: Partial> = {};
export function registerDataHandler({
diff --git a/x-pack/plugins/observability/public/index.ts b/x-pack/plugins/observability/public/index.ts
index fcb569f535d76..d2f1d246f79ec 100644
--- a/x-pack/plugins/observability/public/index.ts
+++ b/x-pack/plugins/observability/public/index.ts
@@ -5,16 +5,16 @@
*/
import { PluginInitializerContext, PluginInitializer } from 'kibana/public';
-import { Plugin, ObservabilityPluginSetup } from './plugin';
+import { Plugin, ObservabilityPluginSetup, ObservabilityPluginStart } from './plugin';
-export const plugin: PluginInitializer = (
+export { ObservabilityPluginSetup, ObservabilityPluginStart };
+
+export const plugin: PluginInitializer = (
context: PluginInitializerContext
) => {
return new Plugin(context);
};
-export { ObservabilityPluginSetup };
-
export * from './components/action_menu';
export {
diff --git a/x-pack/plugins/observability/public/plugin.ts b/x-pack/plugins/observability/public/plugin.ts
index c20e8c7b75d49..bbda1026606f1 100644
--- a/x-pack/plugins/observability/public/plugin.ts
+++ b/x-pack/plugins/observability/public/plugin.ts
@@ -16,7 +16,9 @@ export interface ObservabilityPluginSetup {
dashboard: { register: typeof registerDataHandler };
}
-export class Plugin implements PluginClass {
+export type ObservabilityPluginStart = void;
+
+export class Plugin implements PluginClass {
constructor(context: PluginInitializerContext) {}
public setup(core: CoreSetup) {
diff --git a/x-pack/plugins/observability/public/typings/fetch_data_response/index.d.ts b/x-pack/plugins/observability/public/typings/fetch_overview_data/index.ts
similarity index 68%
rename from x-pack/plugins/observability/public/typings/fetch_data_response/index.d.ts
rename to x-pack/plugins/observability/public/typings/fetch_overview_data/index.ts
index 06e86d1096cfc..e65d1779520cf 100644
--- a/x-pack/plugins/observability/public/typings/fetch_data_response/index.d.ts
+++ b/x-pack/plugins/observability/public/typings/fetch_overview_data/index.ts
@@ -4,6 +4,8 @@
* you may not use this file except in compliance with the Elastic License.
*/
+import { ObservabilityApp } from '../../../typings/common';
+
interface Stat {
type: 'number' | 'percent' | 'bytesPerSecond';
label: string;
@@ -22,6 +24,26 @@ interface Series {
color?: string;
}
+export interface FetchDataParams {
+ // The start timestamp in milliseconds of the queried time interval
+ startTime: string;
+ // The end timestamp in milliseconds of the queried time interval
+ endTime: string;
+ // The aggregation bucket size in milliseconds if applicable to the data source
+ bucketSize: string;
+}
+
+export type FetchData = (
+ fetchDataParams: FetchDataParams
+) => Promise;
+
+export type HasData = () => Promise;
+
+export interface DataHandler {
+ fetchData: FetchData;
+ hasData: HasData;
+}
+
export interface FetchDataResponse {
title: string;
appLink: string;
diff --git a/x-pack/plugins/observability/public/typings/index.ts b/x-pack/plugins/observability/public/typings/index.ts
index 3da2febc73efd..5cc2c613881df 100644
--- a/x-pack/plugins/observability/public/typings/index.ts
+++ b/x-pack/plugins/observability/public/typings/index.ts
@@ -6,3 +6,4 @@
export * from './eui_draggable';
export * from './eui_styled_components';
+export * from './fetch_overview_data';
diff --git a/x-pack/plugins/security_solution/public/common/lib/connectors/jira/translations.ts b/x-pack/plugins/security_solution/public/common/lib/connectors/jira/translations.ts
index bcb2c49a0de74..d7abf77a58d4c 100644
--- a/x-pack/plugins/security_solution/public/common/lib/connectors/jira/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/lib/connectors/jira/translations.ts
@@ -11,7 +11,7 @@ export * from '../translations';
export const JIRA_DESC = i18n.translate(
'xpack.securitySolution.case.connectors.jira.selectMessageText',
{
- defaultMessage: 'Push or update SIEM case data to a new issue in Jira',
+ defaultMessage: 'Push or update Security case data to a new issue in Jira',
}
);
diff --git a/x-pack/plugins/security_solution/public/common/lib/connectors/servicenow/translations.ts b/x-pack/plugins/security_solution/public/common/lib/connectors/servicenow/translations.ts
index 0f06a4259e070..b3e58dcd5b6be 100644
--- a/x-pack/plugins/security_solution/public/common/lib/connectors/servicenow/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/lib/connectors/servicenow/translations.ts
@@ -11,7 +11,7 @@ export * from '../translations';
export const SERVICENOW_DESC = i18n.translate(
'xpack.securitySolution.case.connectors.servicenow.selectMessageText',
{
- defaultMessage: 'Push or update SIEM case data to a new incident in ServiceNow',
+ defaultMessage: 'Push or update Security case data to a new incident in ServiceNow',
}
);
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/host_details.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/host_details.tsx
index 80c4e2f379c7c..66abf993770a7 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/host_details.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/host_details.tsx
@@ -19,7 +19,7 @@ import React, { memo, useMemo } from 'react';
import { FormattedMessage } from '@kbn/i18n/react';
import { i18n } from '@kbn/i18n';
import { HostMetadata } from '../../../../../../common/endpoint/types';
-import { useHostSelector, useHostLogsUrl, useAgentDetailsIngestUrl } from '../hooks';
+import { useHostSelector, useAgentDetailsIngestUrl } from '../hooks';
import { useNavigateToAppEventHandler } from '../../../../../common/hooks/endpoint/use_navigate_to_app_event_handler';
import { policyResponseStatus, uiQueryParams } from '../../store/selectors';
import { POLICY_STATUS_TO_HEALTH_COLOR } from '../host_constants';
@@ -51,7 +51,6 @@ const LinkToExternalApp = styled.div`
const openReassignFlyoutSearch = '?openReassignFlyout=true';
export const HostDetails = memo(({ details }: { details: HostMetadata }) => {
- const { url: logsUrl, appId: logsAppId, appPath: logsAppPath } = useHostLogsUrl(details.host.id);
const agentId = details.elastic.agent.id;
const {
url: agentDetailsUrl,
@@ -78,12 +77,6 @@ export const HostDetails = memo(({ details }: { details: HostMetadata }) => {
}),
description: ,
},
- {
- title: i18n.translate('xpack.securitySolution.endpoint.host.details.alerts', {
- defaultMessage: 'Alerts',
- }),
- description: '0',
- },
];
}, [details]);
@@ -251,22 +244,6 @@ export const HostDetails = memo(({ details }: { details: HostMetadata }) => {
listItems={detailsResultsLower}
data-test-subj="hostDetailsLowerList"
/>
-
-
-
-
-
-
-
-
);
});
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/hooks.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/hooks.ts
index c072c812edbb5..68198b691da40 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/hooks.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/hooks.ts
@@ -21,22 +21,6 @@ export function useHostSelector(selector: (state: HostState) => TSele
});
}
-/**
- * Returns an object that contains Kibana Logs app and URL information for a given host id
- * @param hostId
- */
-export const useHostLogsUrl = (hostId: string): { url: string; appId: string; appPath: string } => {
- const { services } = useKibana();
- return useMemo(() => {
- const appPath = `/stream?logFilter=(expression:'host.id:${hostId}',kind:kuery)`;
- return {
- url: `${services.application.getUrlForApp('logs')}${appPath}`,
- appId: 'logs',
- appPath,
- };
- }, [hostId, services.application]);
-};
-
/**
* Returns an object that contains Ingest app and URL information
*/
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx
index 68943797ea07e..073e2a07457ff 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx
@@ -278,7 +278,6 @@ describe('when on the hosts page', () => {
agentId = hostDetails.metadata.elastic.agent.id;
coreStart.http.get.mockReturnValue(Promise.resolve(hostDetails));
- coreStart.application.getUrlForApp.mockReturnValue('/app/logs');
reactTestingLibrary.act(() => {
history.push({
@@ -433,30 +432,6 @@ describe('when on the hosts page', () => {
});
});
- it('should include the link to logs', async () => {
- const renderResult = render();
- const linkToLogs = await renderResult.findByTestId('hostDetailsLinkToLogs');
- expect(linkToLogs).not.toBeNull();
- expect(linkToLogs.textContent).toEqual('Endpoint Logs');
- expect(linkToLogs.getAttribute('href')).toEqual(
- "/app/logs/stream?logFilter=(expression:'host.id:1',kind:kuery)"
- );
- });
-
- describe('when link to logs is clicked', () => {
- beforeEach(async () => {
- const renderResult = render();
- const linkToLogs = await renderResult.findByTestId('hostDetailsLinkToLogs');
- reactTestingLibrary.act(() => {
- reactTestingLibrary.fireEvent.click(linkToLogs);
- });
- });
-
- it('should navigate to logs without full page refresh', () => {
- expect(coreStart.application.navigateToApp.mock.calls).toHaveLength(1);
- });
- });
-
describe('when showing host Policy Response panel', () => {
let renderResult: ReturnType;
beforeEach(async () => {
diff --git a/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/__snapshots__/get_stats_with_xpack.test.ts.snap b/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/__snapshots__/get_stats_with_xpack.test.ts.snap
index 1a70504dc9391..ed82dc65eb410 100644
--- a/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/__snapshots__/get_stats_with_xpack.test.ts.snap
+++ b/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/__snapshots__/get_stats_with_xpack.test.ts.snap
@@ -4,7 +4,27 @@ exports[`Telemetry Collection: Get Aggregated Stats OSS-like telemetry (no licen
Array [
Object {
"cluster_name": "test",
- "cluster_stats": Object {},
+ "cluster_stats": Object {
+ "nodes": Object {
+ "usage": Object {
+ "nodes": Array [
+ Object {
+ "aggregations": Object {
+ "terms": Object {
+ "bytes": 2,
+ },
+ },
+ "node_id": "some_node_id",
+ "rest_actions": Object {
+ "nodes_usage_action": 1,
+ },
+ "since": 1588616945163,
+ "timestamp": 1588617023177,
+ },
+ ],
+ },
+ },
+ },
"cluster_uuid": "test",
"collection": "local",
"stack_stats": Object {
@@ -62,7 +82,27 @@ exports[`Telemetry Collection: Get Aggregated Stats X-Pack telemetry (license +
Array [
Object {
"cluster_name": "test",
- "cluster_stats": Object {},
+ "cluster_stats": Object {
+ "nodes": Object {
+ "usage": Object {
+ "nodes": Array [
+ Object {
+ "aggregations": Object {
+ "terms": Object {
+ "bytes": 2,
+ },
+ },
+ "node_id": "some_node_id",
+ "rest_actions": Object {
+ "nodes_usage_action": 1,
+ },
+ "since": 1588616945163,
+ "timestamp": 1588617023177,
+ },
+ ],
+ },
+ },
+ },
"cluster_uuid": "test",
"collection": "local",
"stack_stats": Object {
diff --git a/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/get_stats_with_xpack.test.ts b/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/get_stats_with_xpack.test.ts
index 5dfe3d3e99a7f..a8311933f0531 100644
--- a/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/get_stats_with_xpack.test.ts
+++ b/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/get_stats_with_xpack.test.ts
@@ -28,6 +28,20 @@ const kibana = {
rain: { chances: 2 },
snow: { chances: 0 },
};
+const nodesUsage = {
+ some_node_id: {
+ timestamp: 1588617023177,
+ since: 1588616945163,
+ rest_actions: {
+ nodes_usage_action: 1,
+ },
+ aggregations: {
+ terms: {
+ bytes: 2,
+ },
+ },
+ },
+};
const getContext = () => ({
version: '8675309-snapshot',
@@ -47,6 +61,11 @@ describe('Telemetry Collection: Get Aggregated Stats', () => {
if (options.path === '/_license' || options.path === '/_xpack/usage') {
// eslint-disable-next-line no-throw-literal
throw { statusCode: 404 };
+ } else if (options.path === '/_nodes/usage') {
+ return {
+ cluster_name: 'test cluster',
+ nodes: nodesUsage,
+ };
}
return {};
case 'info':
@@ -81,6 +100,12 @@ describe('Telemetry Collection: Get Aggregated Stats', () => {
if (options.path === '/_xpack/usage') {
return {};
}
+ if (options.path === '/_nodes/usage') {
+ return {
+ cluster_name: 'test cluster',
+ nodes: nodesUsage,
+ };
+ }
case 'info':
return { cluster_uuid: 'test', cluster_name: 'test', version: { number: '8.0.0' } };
default:
diff --git a/x-pack/test/apm_api_integration/basic/config.ts b/x-pack/test/apm_api_integration/basic/config.ts
index 541fe9ec023bc..03b8b21bf3232 100644
--- a/x-pack/test/apm_api_integration/basic/config.ts
+++ b/x-pack/test/apm_api_integration/basic/config.ts
@@ -6,7 +6,6 @@
import { createTestConfig } from '../common/config';
-// eslint-disable-next-line import/no-default-export
export default createTestConfig({
license: 'basic',
name: 'X-Pack APM API integration tests (basic)',
diff --git a/x-pack/test/apm_api_integration/basic/tests/agent_configuration.ts b/x-pack/test/apm_api_integration/basic/tests/agent_configuration.ts
index 9f39da2037f8e..7b99622cc4657 100644
--- a/x-pack/test/apm_api_integration/basic/tests/agent_configuration.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/agent_configuration.ts
@@ -8,7 +8,6 @@ import expect from '@kbn/expect';
import { AgentConfigurationIntake } from '../../../../plugins/apm/common/agent_configuration/configuration_types';
import { FtrProviderContext } from '../../common/ftr_provider_context';
-// eslint-disable-next-line import/no-default-export
export default function agentConfigurationTests({ getService }: FtrProviderContext) {
const supertestRead = getService('supertestAsApmReadUser');
const supertestWrite = getService('supertestAsApmWriteUser');
diff --git a/x-pack/test/apm_api_integration/basic/tests/annotations.ts b/x-pack/test/apm_api_integration/basic/tests/annotations.ts
index c522ebcfb5c65..e0659fe195f93 100644
--- a/x-pack/test/apm_api_integration/basic/tests/annotations.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/annotations.ts
@@ -8,7 +8,6 @@ import expect from '@kbn/expect';
import { JsonObject } from 'src/plugins/kibana_utils/common';
import { FtrProviderContext } from '../../common/ftr_provider_context';
-// eslint-disable-next-line import/no-default-export
export default function annotationApiTests({ getService }: FtrProviderContext) {
const supertestWrite = getService('supertestAsApmAnnotationsWriteUser');
diff --git a/x-pack/test/apm_api_integration/basic/tests/custom_link.ts b/x-pack/test/apm_api_integration/basic/tests/custom_link.ts
index 77fdc83523ca6..ec93d2b3a3b41 100644
--- a/x-pack/test/apm_api_integration/basic/tests/custom_link.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/custom_link.ts
@@ -8,7 +8,6 @@ import expect from '@kbn/expect';
import { CustomLink } from '../../../../plugins/apm/common/custom_link/custom_link_types';
import { FtrProviderContext } from '../../common/ftr_provider_context';
-// eslint-disable-next-line import/no-default-export
export default function customLinksTests({ getService }: FtrProviderContext) {
const supertestRead = getService('supertestAsApmReadUser');
const supertestWrite = getService('supertestAsApmWriteUser');
diff --git a/x-pack/test/apm_api_integration/basic/tests/feature_controls.ts b/x-pack/test/apm_api_integration/basic/tests/feature_controls.ts
index 42cbef69abbec..400d0d294bf02 100644
--- a/x-pack/test/apm_api_integration/basic/tests/feature_controls.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/feature_controls.ts
@@ -7,7 +7,6 @@
import expect from '@kbn/expect';
import { FtrProviderContext } from '../../common/ftr_provider_context';
-// eslint-disable-next-line import/no-default-export
export default function featureControlsTests({ getService }: FtrProviderContext) {
const supertest = getService('supertestAsApmWriteUser');
const supertestWithoutAuth = getService('supertestWithoutAuth');
diff --git a/x-pack/test/apm_api_integration/basic/tests/index.ts b/x-pack/test/apm_api_integration/basic/tests/index.ts
index 7c7e5a8dd93cc..02185b0761c5b 100644
--- a/x-pack/test/apm_api_integration/basic/tests/index.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/index.ts
@@ -5,7 +5,6 @@
*/
import { FtrProviderContext } from '../../common/ftr_provider_context';
-// eslint-disable-next-line import/no-default-export
export default function apmApiIntegrationTests({ loadTestFile }: FtrProviderContext) {
describe('APM specs (basic)', function () {
this.tags('ciGroup1');
@@ -14,5 +13,6 @@ export default function apmApiIntegrationTests({ loadTestFile }: FtrProviderCont
loadTestFile(require.resolve('./feature_controls'));
loadTestFile(require.resolve('./agent_configuration'));
loadTestFile(require.resolve('./custom_link'));
+ loadTestFile(require.resolve('./service_maps'));
});
}
diff --git a/x-pack/test/apm_api_integration/basic/tests/service_maps.ts b/x-pack/test/apm_api_integration/basic/tests/service_maps.ts
new file mode 100644
index 0000000000000..64910d2b45632
--- /dev/null
+++ b/x-pack/test/apm_api_integration/basic/tests/service_maps.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import expect from '@kbn/expect';
+import { FtrProviderContext } from '../../common/ftr_provider_context';
+
+export default function serviceMapsApiTests({ getService }: FtrProviderContext) {
+ const supertest = getService('supertest');
+
+ describe('Service Maps', () => {
+ it('should only be available to users with Platinum license (or higher)', async () => {
+ const response = await supertest.get(
+ '/api/apm/service-map?start=2020-06-28T10%3A24%3A46.055Z&end=2020-06-29T10%3A24%3A46.055Z'
+ );
+
+ expect(response.status).to.be(403);
+ expect(response.body.message).to.be(
+ "In order to access Service Maps, you must be subscribed to an Elastic Platinum license. With it, you'll have the ability to visualize your entire application stack along with your APM data."
+ );
+ });
+ });
+}
diff --git a/x-pack/test/apm_api_integration/trial/config.ts b/x-pack/test/apm_api_integration/trial/config.ts
index ca5b11d469c47..94a6f808603c1 100644
--- a/x-pack/test/apm_api_integration/trial/config.ts
+++ b/x-pack/test/apm_api_integration/trial/config.ts
@@ -6,7 +6,6 @@
import { createTestConfig } from '../common/config';
-// eslint-disable-next-line import/no-default-export
export default createTestConfig({
license: 'trial',
name: 'X-Pack APM API integration tests (trial)',
diff --git a/x-pack/test/apm_api_integration/trial/fixtures/es_archiver/8.0.0/data.json.gz b/x-pack/test/apm_api_integration/trial/fixtures/es_archiver/8.0.0/data.json.gz
new file mode 100644
index 0000000000000..e9360878b7bb7
Binary files /dev/null and b/x-pack/test/apm_api_integration/trial/fixtures/es_archiver/8.0.0/data.json.gz differ
diff --git a/x-pack/test/apm_api_integration/trial/fixtures/es_archiver/8.0.0/mappings.json b/x-pack/test/apm_api_integration/trial/fixtures/es_archiver/8.0.0/mappings.json
new file mode 100644
index 0000000000000..5e9f9f52be8d3
--- /dev/null
+++ b/x-pack/test/apm_api_integration/trial/fixtures/es_archiver/8.0.0/mappings.json
@@ -0,0 +1,25698 @@
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ "apm-8.0.0-error": {
+ "is_write_index": true
+ }
+ },
+ "index": "apm-8.0.0-error-000001",
+ "mappings": {
+ "_meta": {
+ "beat": "apm",
+ "version": "8.0.0"
+ },
+ "date_detection": false,
+ "dynamic_templates": [
+ {
+ "labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "container.labels.*"
+ }
+ },
+ {
+ "dns.answers": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "dns.answers.*"
+ }
+ },
+ {
+ "log.syslog": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "log.syslog.*"
+ }
+ },
+ {
+ "network.inner": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "network.inner.*"
+ }
+ },
+ {
+ "observer.egress": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "observer.egress.*"
+ }
+ },
+ {
+ "observer.ingress": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "observer.ingress.*"
+ }
+ },
+ {
+ "fields": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "fields.*"
+ }
+ },
+ {
+ "docker.container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "docker.container.labels.*"
+ }
+ },
+ {
+ "kubernetes.labels.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.labels.*"
+ }
+ },
+ {
+ "kubernetes.annotations.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.annotations.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "transaction.marks": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "transaction.marks.*"
+ }
+ },
+ {
+ "transaction.marks.*.*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "transaction.marks.*.*"
+ }
+ },
+ {
+ "strings_as_keyword": {
+ "mapping": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "match_mapping_type": "string"
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "agent": {
+ "dynamic": "false",
+ "properties": {
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hostname": {
+ "path": "agent.name",
+ "type": "alias"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "child": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "client": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cloud": {
+ "properties": {
+ "account": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "availability_zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "instance": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "machine": {
+ "dynamic": "false",
+ "properties": {
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "project": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "container": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tag": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "type": "object"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "runtime": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "destination": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dll": {
+ "properties": {
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dns": {
+ "properties": {
+ "answers": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "data": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ttl": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "header_flags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "op_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "question": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subdomain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "resolved_ip": {
+ "type": "ip"
+ },
+ "response_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "docker": {
+ "properties": {
+ "container": {
+ "properties": {
+ "labels": {
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "ecs": {
+ "properties": {
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "error": {
+ "dynamic": "false",
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "culprit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exception": {
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "handled": {
+ "type": "boolean"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "grouping_key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "param_message": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "stack_trace": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "event": {
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "created": {
+ "type": "date"
+ },
+ "dataset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "duration": {
+ "type": "long"
+ },
+ "end": {
+ "type": "date"
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingested": {
+ "type": "date"
+ },
+ "kind": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "outcome": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "risk_score": {
+ "type": "float"
+ },
+ "risk_score_norm": {
+ "type": "float"
+ },
+ "sequence": {
+ "type": "long"
+ },
+ "severity": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "timezone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "url": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "experimental": {
+ "dynamic": "true",
+ "type": "object"
+ },
+ "fields": {
+ "type": "object"
+ },
+ "file": {
+ "properties": {
+ "accessed": {
+ "type": "date"
+ },
+ "attributes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "created": {
+ "type": "date"
+ },
+ "ctime": {
+ "type": "date"
+ },
+ "device": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "directory": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "drive_letter": {
+ "ignore_above": 1,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "gid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "inode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mime_type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mtime": {
+ "type": "date"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "owner": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ },
+ "target_path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "host": {
+ "dynamic": "false",
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "containerized": {
+ "type": "boolean"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "build": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "codename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "http": {
+ "dynamic": "false",
+ "properties": {
+ "request": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "method": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "referrer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "response": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "finished": {
+ "type": "boolean"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "status_code": {
+ "type": "long"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "kubernetes": {
+ "dynamic": "false",
+ "properties": {
+ "annotations": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "container": {
+ "properties": {
+ "image": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "deployment": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "namespace": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pod": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "replicaset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "statefulset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "labels": {
+ "dynamic": "true",
+ "properties": {
+ "foo": {
+ "type": "keyword"
+ },
+ "lorem": {
+ "type": "keyword"
+ },
+ "multi-line": {
+ "type": "keyword"
+ },
+ "this-is-a-very-long-tag-name-without-any-spaces": {
+ "type": "keyword"
+ }
+ }
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "origin": {
+ "properties": {
+ "file": {
+ "properties": {
+ "line": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "syslog": {
+ "properties": {
+ "facility": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "priority": {
+ "type": "long"
+ },
+ "severity": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "network": {
+ "properties": {
+ "application": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "community_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "direction": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "forwarded_ip": {
+ "type": "ip"
+ },
+ "iana_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inner": {
+ "properties": {
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "packets": {
+ "type": "long"
+ },
+ "protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "transport": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "observer": {
+ "dynamic": "false",
+ "properties": {
+ "egress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "listening": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_major": {
+ "type": "byte"
+ }
+ }
+ },
+ "organization": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "package": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "build_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "checksum": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "install_scope": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "installed": {
+ "type": "date"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "size": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "parent": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "process": {
+ "dynamic": "false",
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "parent": {
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "processor": {
+ "properties": {
+ "event": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "profile": {
+ "dynamic": "false",
+ "properties": {
+ "alloc_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "alloc_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "ns": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "type": "long"
+ },
+ "inuse_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "inuse_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "samples": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "stack": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ },
+ "top": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "registry": {
+ "properties": {
+ "data": {
+ "properties": {
+ "bytes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "strings": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hive": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "value": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "related": {
+ "properties": {
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "user": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "rule": {
+ "properties": {
+ "author": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ruleset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uuid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "server": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "environment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "framework": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "language": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "runtime": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "state": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "source": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "sourcemap": {
+ "dynamic": "false",
+ "properties": {
+ "bundle_filepath": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "service": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "span": {
+ "dynamic": "false",
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "db": {
+ "dynamic": "false",
+ "properties": {
+ "link": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "rows_affected": {
+ "type": "long"
+ }
+ }
+ },
+ "destination": {
+ "dynamic": "false",
+ "properties": {
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resource": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "start": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "subtype": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sync": {
+ "type": "boolean"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "system": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "actual": {
+ "properties": {
+ "free": {
+ "type": "long"
+ }
+ }
+ },
+ "total": {
+ "type": "long"
+ }
+ }
+ },
+ "process": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "rss": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "tags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "threat": {
+ "properties": {
+ "framework": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tactic": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "technique": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "timeseries": {
+ "properties": {
+ "instance": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "timestamp": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "tls": {
+ "properties": {
+ "cipher": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "client": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "server_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "supported_ciphers": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "established": {
+ "type": "boolean"
+ },
+ "next_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resumed": {
+ "type": "boolean"
+ },
+ "server": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3s": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "tracing": {
+ "properties": {
+ "trace": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "transaction": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "transaction": {
+ "dynamic": "false",
+ "properties": {
+ "breakdown": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "histogram": {
+ "type": "histogram"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "marks": {
+ "dynamic": "true",
+ "properties": {
+ "*": {
+ "properties": {
+ "*": {
+ "dynamic": "true",
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "result": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "root": {
+ "type": "boolean"
+ },
+ "sampled": {
+ "type": "boolean"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "span_count": {
+ "properties": {
+ "dropped": {
+ "type": "long"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "url": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "fragment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "password": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "port": {
+ "type": "long"
+ },
+ "query": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scheme": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "username": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user_agent": {
+ "dynamic": "false",
+ "properties": {
+ "device": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "view spans": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vulnerability": {
+ "properties": {
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "classification": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "enumeration": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "report_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scanner": {
+ "properties": {
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "score": {
+ "properties": {
+ "base": {
+ "type": "float"
+ },
+ "environmental": {
+ "type": "float"
+ },
+ "temporal": {
+ "type": "float"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "severity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "codec": "best_compression",
+ "lifecycle": {
+ "name": "apm-rollover-30-days",
+ "rollover_alias": "apm-8.0.0-error"
+ },
+ "mapping": {
+ "total_fields": {
+ "limit": "2000"
+ }
+ },
+ "number_of_replicas": "0",
+ "number_of_shards": "1",
+ "priority": "100",
+ "query": {
+ "default_field": [
+ "message",
+ "tags",
+ "agent.ephemeral_id",
+ "agent.id",
+ "agent.name",
+ "agent.type",
+ "agent.version",
+ "as.organization.name",
+ "client.address",
+ "client.as.organization.name",
+ "client.domain",
+ "client.geo.city_name",
+ "client.geo.continent_name",
+ "client.geo.country_iso_code",
+ "client.geo.country_name",
+ "client.geo.name",
+ "client.geo.region_iso_code",
+ "client.geo.region_name",
+ "client.mac",
+ "client.registered_domain",
+ "client.top_level_domain",
+ "client.user.domain",
+ "client.user.email",
+ "client.user.full_name",
+ "client.user.group.domain",
+ "client.user.group.id",
+ "client.user.group.name",
+ "client.user.hash",
+ "client.user.id",
+ "client.user.name",
+ "cloud.account.id",
+ "cloud.availability_zone",
+ "cloud.instance.id",
+ "cloud.instance.name",
+ "cloud.machine.type",
+ "cloud.provider",
+ "cloud.region",
+ "container.id",
+ "container.image.name",
+ "container.image.tag",
+ "container.name",
+ "container.runtime",
+ "destination.address",
+ "destination.as.organization.name",
+ "destination.domain",
+ "destination.geo.city_name",
+ "destination.geo.continent_name",
+ "destination.geo.country_iso_code",
+ "destination.geo.country_name",
+ "destination.geo.name",
+ "destination.geo.region_iso_code",
+ "destination.geo.region_name",
+ "destination.mac",
+ "destination.registered_domain",
+ "destination.top_level_domain",
+ "destination.user.domain",
+ "destination.user.email",
+ "destination.user.full_name",
+ "destination.user.group.domain",
+ "destination.user.group.id",
+ "destination.user.group.name",
+ "destination.user.hash",
+ "destination.user.id",
+ "destination.user.name",
+ "dns.answers.class",
+ "dns.answers.data",
+ "dns.answers.name",
+ "dns.answers.type",
+ "dns.header_flags",
+ "dns.id",
+ "dns.op_code",
+ "dns.question.class",
+ "dns.question.name",
+ "dns.question.registered_domain",
+ "dns.question.subdomain",
+ "dns.question.top_level_domain",
+ "dns.question.type",
+ "dns.response_code",
+ "dns.type",
+ "ecs.version",
+ "error.code",
+ "error.id",
+ "error.message",
+ "error.stack_trace",
+ "error.type",
+ "event.action",
+ "event.category",
+ "event.code",
+ "event.dataset",
+ "event.hash",
+ "event.id",
+ "event.kind",
+ "event.module",
+ "event.original",
+ "event.outcome",
+ "event.provider",
+ "event.timezone",
+ "event.type",
+ "file.device",
+ "file.directory",
+ "file.extension",
+ "file.gid",
+ "file.group",
+ "file.hash.md5",
+ "file.hash.sha1",
+ "file.hash.sha256",
+ "file.hash.sha512",
+ "file.inode",
+ "file.mode",
+ "file.name",
+ "file.owner",
+ "file.path",
+ "file.target_path",
+ "file.type",
+ "file.uid",
+ "geo.city_name",
+ "geo.continent_name",
+ "geo.country_iso_code",
+ "geo.country_name",
+ "geo.name",
+ "geo.region_iso_code",
+ "geo.region_name",
+ "group.domain",
+ "group.id",
+ "group.name",
+ "hash.md5",
+ "hash.sha1",
+ "hash.sha256",
+ "hash.sha512",
+ "host.architecture",
+ "host.geo.city_name",
+ "host.geo.continent_name",
+ "host.geo.country_iso_code",
+ "host.geo.country_name",
+ "host.geo.name",
+ "host.geo.region_iso_code",
+ "host.geo.region_name",
+ "host.hostname",
+ "host.id",
+ "host.mac",
+ "host.name",
+ "host.os.family",
+ "host.os.full",
+ "host.os.kernel",
+ "host.os.name",
+ "host.os.platform",
+ "host.os.version",
+ "host.type",
+ "host.user.domain",
+ "host.user.email",
+ "host.user.full_name",
+ "host.user.group.domain",
+ "host.user.group.id",
+ "host.user.group.name",
+ "host.user.hash",
+ "host.user.id",
+ "host.user.name",
+ "http.request.body.content",
+ "http.request.method",
+ "http.request.referrer",
+ "http.response.body.content",
+ "http.version",
+ "log.level",
+ "log.logger",
+ "log.origin.file.name",
+ "log.origin.function",
+ "log.original",
+ "log.syslog.facility.name",
+ "log.syslog.severity.name",
+ "network.application",
+ "network.community_id",
+ "network.direction",
+ "network.iana_number",
+ "network.name",
+ "network.protocol",
+ "network.transport",
+ "network.type",
+ "observer.geo.city_name",
+ "observer.geo.continent_name",
+ "observer.geo.country_iso_code",
+ "observer.geo.country_name",
+ "observer.geo.name",
+ "observer.geo.region_iso_code",
+ "observer.geo.region_name",
+ "observer.hostname",
+ "observer.mac",
+ "observer.name",
+ "observer.os.family",
+ "observer.os.full",
+ "observer.os.kernel",
+ "observer.os.name",
+ "observer.os.platform",
+ "observer.os.version",
+ "observer.product",
+ "observer.serial_number",
+ "observer.type",
+ "observer.vendor",
+ "observer.version",
+ "organization.id",
+ "organization.name",
+ "os.family",
+ "os.full",
+ "os.kernel",
+ "os.name",
+ "os.platform",
+ "os.version",
+ "package.architecture",
+ "package.checksum",
+ "package.description",
+ "package.install_scope",
+ "package.license",
+ "package.name",
+ "package.path",
+ "package.version",
+ "process.args",
+ "text",
+ "process.executable",
+ "process.hash.md5",
+ "process.hash.sha1",
+ "process.hash.sha256",
+ "process.hash.sha512",
+ "process.name",
+ "text",
+ "text",
+ "text",
+ "text",
+ "text",
+ "process.thread.name",
+ "process.title",
+ "process.working_directory",
+ "server.address",
+ "server.as.organization.name",
+ "server.domain",
+ "server.geo.city_name",
+ "server.geo.continent_name",
+ "server.geo.country_iso_code",
+ "server.geo.country_name",
+ "server.geo.name",
+ "server.geo.region_iso_code",
+ "server.geo.region_name",
+ "server.mac",
+ "server.registered_domain",
+ "server.top_level_domain",
+ "server.user.domain",
+ "server.user.email",
+ "server.user.full_name",
+ "server.user.group.domain",
+ "server.user.group.id",
+ "server.user.group.name",
+ "server.user.hash",
+ "server.user.id",
+ "server.user.name",
+ "service.ephemeral_id",
+ "service.id",
+ "service.name",
+ "service.node.name",
+ "service.state",
+ "service.type",
+ "service.version",
+ "source.address",
+ "source.as.organization.name",
+ "source.domain",
+ "source.geo.city_name",
+ "source.geo.continent_name",
+ "source.geo.country_iso_code",
+ "source.geo.country_name",
+ "source.geo.name",
+ "source.geo.region_iso_code",
+ "source.geo.region_name",
+ "source.mac",
+ "source.registered_domain",
+ "source.top_level_domain",
+ "source.user.domain",
+ "source.user.email",
+ "source.user.full_name",
+ "source.user.group.domain",
+ "source.user.group.id",
+ "source.user.group.name",
+ "source.user.hash",
+ "source.user.id",
+ "source.user.name",
+ "threat.framework",
+ "threat.tactic.id",
+ "threat.tactic.name",
+ "threat.tactic.reference",
+ "threat.technique.id",
+ "threat.technique.name",
+ "threat.technique.reference",
+ "tracing.trace.id",
+ "tracing.transaction.id",
+ "url.domain",
+ "url.extension",
+ "url.fragment",
+ "url.full",
+ "url.original",
+ "url.password",
+ "url.path",
+ "url.query",
+ "url.registered_domain",
+ "url.scheme",
+ "url.top_level_domain",
+ "url.username",
+ "user.domain",
+ "user.email",
+ "user.full_name",
+ "user.group.domain",
+ "user.group.id",
+ "user.group.name",
+ "user.hash",
+ "user.id",
+ "user.name",
+ "user_agent.device.name",
+ "user_agent.name",
+ "text",
+ "user_agent.original",
+ "user_agent.os.family",
+ "user_agent.os.full",
+ "user_agent.os.kernel",
+ "user_agent.os.name",
+ "user_agent.os.platform",
+ "user_agent.os.version",
+ "user_agent.version",
+ "text",
+ "timeseries.instance",
+ "cloud.project.id",
+ "cloud.image.id",
+ "host.os.build",
+ "host.os.codename",
+ "kubernetes.pod.name",
+ "kubernetes.pod.uid",
+ "kubernetes.namespace",
+ "kubernetes.node.name",
+ "kubernetes.replicaset.name",
+ "kubernetes.deployment.name",
+ "kubernetes.statefulset.name",
+ "kubernetes.container.name",
+ "kubernetes.container.image",
+ "processor.name",
+ "processor.event",
+ "url.scheme",
+ "url.full",
+ "url.domain",
+ "url.path",
+ "url.query",
+ "url.fragment",
+ "http.version",
+ "http.request.method",
+ "http.request.referrer",
+ "service.name",
+ "service.version",
+ "service.environment",
+ "service.node.name",
+ "service.language.name",
+ "service.language.version",
+ "service.runtime.name",
+ "service.runtime.version",
+ "service.framework.name",
+ "service.framework.version",
+ "transaction.id",
+ "transaction.type",
+ "text",
+ "transaction.name",
+ "span.type",
+ "span.subtype",
+ "trace.id",
+ "parent.id",
+ "agent.name",
+ "agent.version",
+ "agent.ephemeral_id",
+ "container.id",
+ "kubernetes.namespace",
+ "kubernetes.node.name",
+ "kubernetes.pod.name",
+ "kubernetes.pod.uid",
+ "host.architecture",
+ "host.hostname",
+ "host.name",
+ "host.os.platform",
+ "process.args",
+ "process.title",
+ "observer.listening",
+ "observer.hostname",
+ "observer.version",
+ "observer.type",
+ "user.name",
+ "user.id",
+ "user.email",
+ "destination.address",
+ "text",
+ "user_agent.original",
+ "user_agent.name",
+ "user_agent.version",
+ "user_agent.device.name",
+ "user_agent.os.platform",
+ "user_agent.os.name",
+ "user_agent.os.full",
+ "user_agent.os.family",
+ "user_agent.os.version",
+ "user_agent.os.kernel",
+ "cloud.account.id",
+ "cloud.account.name",
+ "cloud.availability_zone",
+ "cloud.instance.id",
+ "cloud.instance.name",
+ "cloud.machine.type",
+ "cloud.project.id",
+ "cloud.project.name",
+ "cloud.provider",
+ "cloud.region",
+ "error.id",
+ "error.culprit",
+ "error.grouping_key",
+ "error.exception.code",
+ "error.exception.message",
+ "error.exception.module",
+ "error.exception.type",
+ "error.log.level",
+ "error.log.logger_name",
+ "error.log.message",
+ "error.log.param_message",
+ "profile.top.id",
+ "profile.top.function",
+ "profile.top.filename",
+ "profile.stack.id",
+ "profile.stack.function",
+ "profile.stack.filename",
+ "sourcemap.service.name",
+ "sourcemap.service.version",
+ "sourcemap.bundle_filepath",
+ "view spans",
+ "child.id",
+ "span.id",
+ "span.name",
+ "span.action",
+ "span.db.link",
+ "span.destination.service.type",
+ "span.destination.service.name",
+ "span.destination.service.resource",
+ "span.message.queue.name",
+ "transaction.result",
+ "transaction.message.queue.name",
+ "fields.*"
+ ]
+ },
+ "refresh_interval": "1ms"
+ }
+ }
+ }
+}
+
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ "apm-8.0.0-metric": {
+ "is_write_index": true
+ }
+ },
+ "index": "apm-8.0.0-metric-000001",
+ "mappings": {
+ "_meta": {
+ "beat": "apm",
+ "version": "8.0.0"
+ },
+ "date_detection": false,
+ "dynamic_templates": [
+ {
+ "labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "container.labels.*"
+ }
+ },
+ {
+ "dns.answers": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "dns.answers.*"
+ }
+ },
+ {
+ "log.syslog": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "log.syslog.*"
+ }
+ },
+ {
+ "network.inner": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "network.inner.*"
+ }
+ },
+ {
+ "observer.egress": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "observer.egress.*"
+ }
+ },
+ {
+ "observer.ingress": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "observer.ingress.*"
+ }
+ },
+ {
+ "fields": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "fields.*"
+ }
+ },
+ {
+ "docker.container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "docker.container.labels.*"
+ }
+ },
+ {
+ "kubernetes.labels.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.labels.*"
+ }
+ },
+ {
+ "kubernetes.annotations.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.annotations.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "transaction.marks": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "transaction.marks.*"
+ }
+ },
+ {
+ "transaction.marks.*.*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "transaction.marks.*.*"
+ }
+ },
+ {
+ "strings_as_keyword": {
+ "mapping": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "match_mapping_type": "string"
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "agent": {
+ "dynamic": "false",
+ "properties": {
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hostname": {
+ "path": "agent.name",
+ "type": "alias"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "child": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "client": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cloud": {
+ "properties": {
+ "account": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "availability_zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "instance": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "machine": {
+ "dynamic": "false",
+ "properties": {
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "project": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "container": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tag": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "type": "object"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "runtime": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "destination": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dll": {
+ "properties": {
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dns": {
+ "properties": {
+ "answers": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "data": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ttl": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "header_flags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "op_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "question": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subdomain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "resolved_ip": {
+ "type": "ip"
+ },
+ "response_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "docker": {
+ "properties": {
+ "container": {
+ "properties": {
+ "labels": {
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "ecs": {
+ "properties": {
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "error": {
+ "dynamic": "false",
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "culprit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exception": {
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "handled": {
+ "type": "boolean"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "grouping_key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "param_message": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "stack_trace": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "event": {
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "created": {
+ "type": "date"
+ },
+ "dataset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "duration": {
+ "type": "long"
+ },
+ "end": {
+ "type": "date"
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingested": {
+ "type": "date"
+ },
+ "kind": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "outcome": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "risk_score": {
+ "type": "float"
+ },
+ "risk_score_norm": {
+ "type": "float"
+ },
+ "sequence": {
+ "type": "long"
+ },
+ "severity": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "timezone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "url": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "experimental": {
+ "dynamic": "true",
+ "type": "object"
+ },
+ "fields": {
+ "type": "object"
+ },
+ "file": {
+ "properties": {
+ "accessed": {
+ "type": "date"
+ },
+ "attributes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "created": {
+ "type": "date"
+ },
+ "ctime": {
+ "type": "date"
+ },
+ "device": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "directory": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "drive_letter": {
+ "ignore_above": 1,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "gid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "inode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mime_type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mtime": {
+ "type": "date"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "owner": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ },
+ "target_path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "host": {
+ "dynamic": "false",
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "containerized": {
+ "type": "boolean"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "build": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "codename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "http": {
+ "dynamic": "false",
+ "properties": {
+ "request": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "method": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "referrer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "response": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "finished": {
+ "type": "boolean"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "status_code": {
+ "type": "long"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "jvm": {
+ "properties": {
+ "gc": {
+ "properties": {
+ "alloc": {
+ "type": "float"
+ },
+ "count": {
+ "type": "long"
+ },
+ "time": {
+ "type": "long"
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "heap": {
+ "properties": {
+ "committed": {
+ "type": "float"
+ },
+ "max": {
+ "type": "float"
+ },
+ "used": {
+ "type": "float"
+ }
+ }
+ },
+ "non_heap": {
+ "properties": {
+ "committed": {
+ "type": "float"
+ },
+ "max": {
+ "type": "long"
+ },
+ "used": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ },
+ "thread": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "kubernetes": {
+ "dynamic": "false",
+ "properties": {
+ "annotations": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "container": {
+ "properties": {
+ "image": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "deployment": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "namespace": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pod": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "replicaset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "statefulset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "labels": {
+ "dynamic": "true",
+ "properties": {
+ "env": {
+ "type": "keyword"
+ },
+ "hostname": {
+ "type": "keyword"
+ },
+ "name": {
+ "type": "keyword"
+ }
+ }
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "origin": {
+ "properties": {
+ "file": {
+ "properties": {
+ "line": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "syslog": {
+ "properties": {
+ "facility": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "priority": {
+ "type": "long"
+ },
+ "severity": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "network": {
+ "properties": {
+ "application": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "community_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "direction": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "forwarded_ip": {
+ "type": "ip"
+ },
+ "iana_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inner": {
+ "properties": {
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "packets": {
+ "type": "long"
+ },
+ "protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "transport": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "nodejs": {
+ "properties": {
+ "eventloop": {
+ "properties": {
+ "delay": {
+ "properties": {
+ "avg": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "ns": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "handles": {
+ "properties": {
+ "active": {
+ "type": "long"
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "arrayBuffers": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "external": {
+ "properties": {
+ "bytes": {
+ "type": "float"
+ }
+ }
+ },
+ "heap": {
+ "properties": {
+ "allocated": {
+ "properties": {
+ "bytes": {
+ "type": "float"
+ }
+ }
+ },
+ "used": {
+ "properties": {
+ "bytes": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "requests": {
+ "properties": {
+ "active": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "observer": {
+ "dynamic": "false",
+ "properties": {
+ "egress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "listening": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_major": {
+ "type": "byte"
+ }
+ }
+ },
+ "organization": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "package": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "build_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "checksum": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "install_scope": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "installed": {
+ "type": "date"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "size": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "parent": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "process": {
+ "dynamic": "false",
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "parent": {
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "processor": {
+ "properties": {
+ "event": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "profile": {
+ "dynamic": "false",
+ "properties": {
+ "alloc_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "alloc_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "ns": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "type": "long"
+ },
+ "inuse_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "inuse_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "samples": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "stack": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ },
+ "top": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "registry": {
+ "properties": {
+ "data": {
+ "properties": {
+ "bytes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "strings": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hive": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "value": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "related": {
+ "properties": {
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "user": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "rule": {
+ "properties": {
+ "author": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ruleset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uuid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "server": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "environment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "framework": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "language": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "runtime": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "state": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "source": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "sourcemap": {
+ "dynamic": "false",
+ "properties": {
+ "bundle_filepath": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "service": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "span": {
+ "dynamic": "false",
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "db": {
+ "dynamic": "false",
+ "properties": {
+ "link": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "rows_affected": {
+ "type": "long"
+ }
+ }
+ },
+ "destination": {
+ "dynamic": "false",
+ "properties": {
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resource": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "start": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "subtype": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sync": {
+ "type": "boolean"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "system": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "actual": {
+ "properties": {
+ "free": {
+ "type": "long"
+ }
+ }
+ },
+ "total": {
+ "type": "long"
+ }
+ }
+ },
+ "process": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "system": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ },
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ },
+ "user": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "rss": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "tags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "threat": {
+ "properties": {
+ "framework": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tactic": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "technique": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "timeseries": {
+ "properties": {
+ "instance": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "timestamp": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "tls": {
+ "properties": {
+ "cipher": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "client": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "server_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "supported_ciphers": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "established": {
+ "type": "boolean"
+ },
+ "next_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resumed": {
+ "type": "boolean"
+ },
+ "server": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3s": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "tracing": {
+ "properties": {
+ "trace": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "transaction": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "transaction": {
+ "dynamic": "false",
+ "properties": {
+ "breakdown": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "histogram": {
+ "type": "histogram"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "marks": {
+ "dynamic": "true",
+ "properties": {
+ "*": {
+ "properties": {
+ "*": {
+ "dynamic": "true",
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "result": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "root": {
+ "type": "boolean"
+ },
+ "sampled": {
+ "type": "boolean"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "span_count": {
+ "properties": {
+ "dropped": {
+ "type": "long"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "url": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "fragment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "password": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "port": {
+ "type": "long"
+ },
+ "query": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scheme": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "username": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user_agent": {
+ "dynamic": "false",
+ "properties": {
+ "device": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "view spans": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vulnerability": {
+ "properties": {
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "classification": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "enumeration": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "report_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scanner": {
+ "properties": {
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "score": {
+ "properties": {
+ "base": {
+ "type": "float"
+ },
+ "environmental": {
+ "type": "float"
+ },
+ "temporal": {
+ "type": "float"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "severity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "codec": "best_compression",
+ "lifecycle": {
+ "name": "apm-rollover-30-days",
+ "rollover_alias": "apm-8.0.0-metric"
+ },
+ "mapping": {
+ "total_fields": {
+ "limit": "2000"
+ }
+ },
+ "number_of_replicas": "0",
+ "number_of_shards": "1",
+ "priority": "100",
+ "query": {
+ "default_field": [
+ "message",
+ "tags",
+ "agent.ephemeral_id",
+ "agent.id",
+ "agent.name",
+ "agent.type",
+ "agent.version",
+ "as.organization.name",
+ "client.address",
+ "client.as.organization.name",
+ "client.domain",
+ "client.geo.city_name",
+ "client.geo.continent_name",
+ "client.geo.country_iso_code",
+ "client.geo.country_name",
+ "client.geo.name",
+ "client.geo.region_iso_code",
+ "client.geo.region_name",
+ "client.mac",
+ "client.registered_domain",
+ "client.top_level_domain",
+ "client.user.domain",
+ "client.user.email",
+ "client.user.full_name",
+ "client.user.group.domain",
+ "client.user.group.id",
+ "client.user.group.name",
+ "client.user.hash",
+ "client.user.id",
+ "client.user.name",
+ "cloud.account.id",
+ "cloud.availability_zone",
+ "cloud.instance.id",
+ "cloud.instance.name",
+ "cloud.machine.type",
+ "cloud.provider",
+ "cloud.region",
+ "container.id",
+ "container.image.name",
+ "container.image.tag",
+ "container.name",
+ "container.runtime",
+ "destination.address",
+ "destination.as.organization.name",
+ "destination.domain",
+ "destination.geo.city_name",
+ "destination.geo.continent_name",
+ "destination.geo.country_iso_code",
+ "destination.geo.country_name",
+ "destination.geo.name",
+ "destination.geo.region_iso_code",
+ "destination.geo.region_name",
+ "destination.mac",
+ "destination.registered_domain",
+ "destination.top_level_domain",
+ "destination.user.domain",
+ "destination.user.email",
+ "destination.user.full_name",
+ "destination.user.group.domain",
+ "destination.user.group.id",
+ "destination.user.group.name",
+ "destination.user.hash",
+ "destination.user.id",
+ "destination.user.name",
+ "dns.answers.class",
+ "dns.answers.data",
+ "dns.answers.name",
+ "dns.answers.type",
+ "dns.header_flags",
+ "dns.id",
+ "dns.op_code",
+ "dns.question.class",
+ "dns.question.name",
+ "dns.question.registered_domain",
+ "dns.question.subdomain",
+ "dns.question.top_level_domain",
+ "dns.question.type",
+ "dns.response_code",
+ "dns.type",
+ "ecs.version",
+ "error.code",
+ "error.id",
+ "error.message",
+ "error.stack_trace",
+ "error.type",
+ "event.action",
+ "event.category",
+ "event.code",
+ "event.dataset",
+ "event.hash",
+ "event.id",
+ "event.kind",
+ "event.module",
+ "event.original",
+ "event.outcome",
+ "event.provider",
+ "event.timezone",
+ "event.type",
+ "file.device",
+ "file.directory",
+ "file.extension",
+ "file.gid",
+ "file.group",
+ "file.hash.md5",
+ "file.hash.sha1",
+ "file.hash.sha256",
+ "file.hash.sha512",
+ "file.inode",
+ "file.mode",
+ "file.name",
+ "file.owner",
+ "file.path",
+ "file.target_path",
+ "file.type",
+ "file.uid",
+ "geo.city_name",
+ "geo.continent_name",
+ "geo.country_iso_code",
+ "geo.country_name",
+ "geo.name",
+ "geo.region_iso_code",
+ "geo.region_name",
+ "group.domain",
+ "group.id",
+ "group.name",
+ "hash.md5",
+ "hash.sha1",
+ "hash.sha256",
+ "hash.sha512",
+ "host.architecture",
+ "host.geo.city_name",
+ "host.geo.continent_name",
+ "host.geo.country_iso_code",
+ "host.geo.country_name",
+ "host.geo.name",
+ "host.geo.region_iso_code",
+ "host.geo.region_name",
+ "host.hostname",
+ "host.id",
+ "host.mac",
+ "host.name",
+ "host.os.family",
+ "host.os.full",
+ "host.os.kernel",
+ "host.os.name",
+ "host.os.platform",
+ "host.os.version",
+ "host.type",
+ "host.user.domain",
+ "host.user.email",
+ "host.user.full_name",
+ "host.user.group.domain",
+ "host.user.group.id",
+ "host.user.group.name",
+ "host.user.hash",
+ "host.user.id",
+ "host.user.name",
+ "http.request.body.content",
+ "http.request.method",
+ "http.request.referrer",
+ "http.response.body.content",
+ "http.version",
+ "log.level",
+ "log.logger",
+ "log.origin.file.name",
+ "log.origin.function",
+ "log.original",
+ "log.syslog.facility.name",
+ "log.syslog.severity.name",
+ "network.application",
+ "network.community_id",
+ "network.direction",
+ "network.iana_number",
+ "network.name",
+ "network.protocol",
+ "network.transport",
+ "network.type",
+ "observer.geo.city_name",
+ "observer.geo.continent_name",
+ "observer.geo.country_iso_code",
+ "observer.geo.country_name",
+ "observer.geo.name",
+ "observer.geo.region_iso_code",
+ "observer.geo.region_name",
+ "observer.hostname",
+ "observer.mac",
+ "observer.name",
+ "observer.os.family",
+ "observer.os.full",
+ "observer.os.kernel",
+ "observer.os.name",
+ "observer.os.platform",
+ "observer.os.version",
+ "observer.product",
+ "observer.serial_number",
+ "observer.type",
+ "observer.vendor",
+ "observer.version",
+ "organization.id",
+ "organization.name",
+ "os.family",
+ "os.full",
+ "os.kernel",
+ "os.name",
+ "os.platform",
+ "os.version",
+ "package.architecture",
+ "package.checksum",
+ "package.description",
+ "package.install_scope",
+ "package.license",
+ "package.name",
+ "package.path",
+ "package.version",
+ "process.args",
+ "text",
+ "process.executable",
+ "process.hash.md5",
+ "process.hash.sha1",
+ "process.hash.sha256",
+ "process.hash.sha512",
+ "process.name",
+ "text",
+ "text",
+ "text",
+ "text",
+ "text",
+ "process.thread.name",
+ "process.title",
+ "process.working_directory",
+ "server.address",
+ "server.as.organization.name",
+ "server.domain",
+ "server.geo.city_name",
+ "server.geo.continent_name",
+ "server.geo.country_iso_code",
+ "server.geo.country_name",
+ "server.geo.name",
+ "server.geo.region_iso_code",
+ "server.geo.region_name",
+ "server.mac",
+ "server.registered_domain",
+ "server.top_level_domain",
+ "server.user.domain",
+ "server.user.email",
+ "server.user.full_name",
+ "server.user.group.domain",
+ "server.user.group.id",
+ "server.user.group.name",
+ "server.user.hash",
+ "server.user.id",
+ "server.user.name",
+ "service.ephemeral_id",
+ "service.id",
+ "service.name",
+ "service.node.name",
+ "service.state",
+ "service.type",
+ "service.version",
+ "source.address",
+ "source.as.organization.name",
+ "source.domain",
+ "source.geo.city_name",
+ "source.geo.continent_name",
+ "source.geo.country_iso_code",
+ "source.geo.country_name",
+ "source.geo.name",
+ "source.geo.region_iso_code",
+ "source.geo.region_name",
+ "source.mac",
+ "source.registered_domain",
+ "source.top_level_domain",
+ "source.user.domain",
+ "source.user.email",
+ "source.user.full_name",
+ "source.user.group.domain",
+ "source.user.group.id",
+ "source.user.group.name",
+ "source.user.hash",
+ "source.user.id",
+ "source.user.name",
+ "threat.framework",
+ "threat.tactic.id",
+ "threat.tactic.name",
+ "threat.tactic.reference",
+ "threat.technique.id",
+ "threat.technique.name",
+ "threat.technique.reference",
+ "tracing.trace.id",
+ "tracing.transaction.id",
+ "url.domain",
+ "url.extension",
+ "url.fragment",
+ "url.full",
+ "url.original",
+ "url.password",
+ "url.path",
+ "url.query",
+ "url.registered_domain",
+ "url.scheme",
+ "url.top_level_domain",
+ "url.username",
+ "user.domain",
+ "user.email",
+ "user.full_name",
+ "user.group.domain",
+ "user.group.id",
+ "user.group.name",
+ "user.hash",
+ "user.id",
+ "user.name",
+ "user_agent.device.name",
+ "user_agent.name",
+ "text",
+ "user_agent.original",
+ "user_agent.os.family",
+ "user_agent.os.full",
+ "user_agent.os.kernel",
+ "user_agent.os.name",
+ "user_agent.os.platform",
+ "user_agent.os.version",
+ "user_agent.version",
+ "text",
+ "timeseries.instance",
+ "cloud.project.id",
+ "cloud.image.id",
+ "host.os.build",
+ "host.os.codename",
+ "kubernetes.pod.name",
+ "kubernetes.pod.uid",
+ "kubernetes.namespace",
+ "kubernetes.node.name",
+ "kubernetes.replicaset.name",
+ "kubernetes.deployment.name",
+ "kubernetes.statefulset.name",
+ "kubernetes.container.name",
+ "kubernetes.container.image",
+ "processor.name",
+ "processor.event",
+ "url.scheme",
+ "url.full",
+ "url.domain",
+ "url.path",
+ "url.query",
+ "url.fragment",
+ "http.version",
+ "http.request.method",
+ "http.request.referrer",
+ "service.name",
+ "service.version",
+ "service.environment",
+ "service.node.name",
+ "service.language.name",
+ "service.language.version",
+ "service.runtime.name",
+ "service.runtime.version",
+ "service.framework.name",
+ "service.framework.version",
+ "transaction.id",
+ "transaction.type",
+ "text",
+ "transaction.name",
+ "span.type",
+ "span.subtype",
+ "trace.id",
+ "parent.id",
+ "agent.name",
+ "agent.version",
+ "agent.ephemeral_id",
+ "container.id",
+ "kubernetes.namespace",
+ "kubernetes.node.name",
+ "kubernetes.pod.name",
+ "kubernetes.pod.uid",
+ "host.architecture",
+ "host.hostname",
+ "host.name",
+ "host.os.platform",
+ "process.args",
+ "process.title",
+ "observer.listening",
+ "observer.hostname",
+ "observer.version",
+ "observer.type",
+ "user.name",
+ "user.id",
+ "user.email",
+ "destination.address",
+ "text",
+ "user_agent.original",
+ "user_agent.name",
+ "user_agent.version",
+ "user_agent.device.name",
+ "user_agent.os.platform",
+ "user_agent.os.name",
+ "user_agent.os.full",
+ "user_agent.os.family",
+ "user_agent.os.version",
+ "user_agent.os.kernel",
+ "cloud.account.id",
+ "cloud.account.name",
+ "cloud.availability_zone",
+ "cloud.instance.id",
+ "cloud.instance.name",
+ "cloud.machine.type",
+ "cloud.project.id",
+ "cloud.project.name",
+ "cloud.provider",
+ "cloud.region",
+ "error.id",
+ "error.culprit",
+ "error.grouping_key",
+ "error.exception.code",
+ "error.exception.message",
+ "error.exception.module",
+ "error.exception.type",
+ "error.log.level",
+ "error.log.logger_name",
+ "error.log.message",
+ "error.log.param_message",
+ "profile.top.id",
+ "profile.top.function",
+ "profile.top.filename",
+ "profile.stack.id",
+ "profile.stack.function",
+ "profile.stack.filename",
+ "sourcemap.service.name",
+ "sourcemap.service.version",
+ "sourcemap.bundle_filepath",
+ "view spans",
+ "child.id",
+ "span.id",
+ "span.name",
+ "span.action",
+ "span.db.link",
+ "span.destination.service.type",
+ "span.destination.service.name",
+ "span.destination.service.resource",
+ "span.message.queue.name",
+ "transaction.result",
+ "transaction.message.queue.name",
+ "fields.*"
+ ]
+ },
+ "refresh_interval": "1ms"
+ }
+ }
+ }
+}
+
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ },
+ "index": "apm-8.0.0-onboarding-2020.06.29",
+ "mappings": {
+ "_meta": {
+ "beat": "apm",
+ "version": "8.0.0"
+ },
+ "date_detection": false,
+ "dynamic_templates": [
+ {
+ "labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "container.labels.*"
+ }
+ },
+ {
+ "dns.answers": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "dns.answers.*"
+ }
+ },
+ {
+ "log.syslog": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "log.syslog.*"
+ }
+ },
+ {
+ "network.inner": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "network.inner.*"
+ }
+ },
+ {
+ "observer.egress": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "observer.egress.*"
+ }
+ },
+ {
+ "observer.ingress": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "observer.ingress.*"
+ }
+ },
+ {
+ "fields": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "fields.*"
+ }
+ },
+ {
+ "docker.container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "docker.container.labels.*"
+ }
+ },
+ {
+ "kubernetes.labels.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.labels.*"
+ }
+ },
+ {
+ "kubernetes.annotations.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.annotations.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "transaction.marks": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "transaction.marks.*"
+ }
+ },
+ {
+ "transaction.marks.*.*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "transaction.marks.*.*"
+ }
+ },
+ {
+ "strings_as_keyword": {
+ "mapping": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "match_mapping_type": "string"
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "agent": {
+ "dynamic": "false",
+ "properties": {
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hostname": {
+ "path": "agent.name",
+ "type": "alias"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "child": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "client": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cloud": {
+ "properties": {
+ "account": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "availability_zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "instance": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "machine": {
+ "dynamic": "false",
+ "properties": {
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "project": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "container": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tag": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "type": "object"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "runtime": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "destination": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dll": {
+ "properties": {
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dns": {
+ "properties": {
+ "answers": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "data": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ttl": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "header_flags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "op_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "question": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subdomain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "resolved_ip": {
+ "type": "ip"
+ },
+ "response_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "docker": {
+ "properties": {
+ "container": {
+ "properties": {
+ "labels": {
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "ecs": {
+ "properties": {
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "error": {
+ "dynamic": "false",
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "culprit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exception": {
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "handled": {
+ "type": "boolean"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "grouping_key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "param_message": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "stack_trace": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "event": {
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "created": {
+ "type": "date"
+ },
+ "dataset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "duration": {
+ "type": "long"
+ },
+ "end": {
+ "type": "date"
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingested": {
+ "type": "date"
+ },
+ "kind": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "outcome": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "risk_score": {
+ "type": "float"
+ },
+ "risk_score_norm": {
+ "type": "float"
+ },
+ "sequence": {
+ "type": "long"
+ },
+ "severity": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "timezone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "url": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "experimental": {
+ "dynamic": "true",
+ "type": "object"
+ },
+ "fields": {
+ "type": "object"
+ },
+ "file": {
+ "properties": {
+ "accessed": {
+ "type": "date"
+ },
+ "attributes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "created": {
+ "type": "date"
+ },
+ "ctime": {
+ "type": "date"
+ },
+ "device": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "directory": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "drive_letter": {
+ "ignore_above": 1,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "gid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "inode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mime_type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mtime": {
+ "type": "date"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "owner": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ },
+ "target_path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "host": {
+ "dynamic": "false",
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "containerized": {
+ "type": "boolean"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "build": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "codename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "http": {
+ "dynamic": "false",
+ "properties": {
+ "request": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "method": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "referrer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "response": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "finished": {
+ "type": "boolean"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "status_code": {
+ "type": "long"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "kubernetes": {
+ "dynamic": "false",
+ "properties": {
+ "annotations": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "container": {
+ "properties": {
+ "image": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "deployment": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "namespace": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pod": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "replicaset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "statefulset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "labels": {
+ "dynamic": "true",
+ "type": "object"
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "origin": {
+ "properties": {
+ "file": {
+ "properties": {
+ "line": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "syslog": {
+ "properties": {
+ "facility": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "priority": {
+ "type": "long"
+ },
+ "severity": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "network": {
+ "properties": {
+ "application": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "community_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "direction": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "forwarded_ip": {
+ "type": "ip"
+ },
+ "iana_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inner": {
+ "properties": {
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "packets": {
+ "type": "long"
+ },
+ "protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "transport": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "observer": {
+ "dynamic": "false",
+ "properties": {
+ "egress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "listening": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_major": {
+ "type": "byte"
+ }
+ }
+ },
+ "organization": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "package": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "build_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "checksum": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "install_scope": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "installed": {
+ "type": "date"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "size": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "parent": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "process": {
+ "dynamic": "false",
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "parent": {
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "processor": {
+ "properties": {
+ "event": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "profile": {
+ "dynamic": "false",
+ "properties": {
+ "alloc_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "alloc_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "ns": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "type": "long"
+ },
+ "inuse_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "inuse_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "samples": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "stack": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ },
+ "top": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "registry": {
+ "properties": {
+ "data": {
+ "properties": {
+ "bytes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "strings": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hive": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "value": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "related": {
+ "properties": {
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "user": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "rule": {
+ "properties": {
+ "author": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ruleset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uuid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "server": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "environment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "framework": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "language": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "runtime": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "state": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "source": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "sourcemap": {
+ "dynamic": "false",
+ "properties": {
+ "bundle_filepath": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "service": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "span": {
+ "dynamic": "false",
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "db": {
+ "dynamic": "false",
+ "properties": {
+ "link": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "rows_affected": {
+ "type": "long"
+ }
+ }
+ },
+ "destination": {
+ "dynamic": "false",
+ "properties": {
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resource": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "start": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "subtype": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sync": {
+ "type": "boolean"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "system": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "actual": {
+ "properties": {
+ "free": {
+ "type": "long"
+ }
+ }
+ },
+ "total": {
+ "type": "long"
+ }
+ }
+ },
+ "process": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "rss": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "tags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "threat": {
+ "properties": {
+ "framework": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tactic": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "technique": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "timeseries": {
+ "properties": {
+ "instance": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "timestamp": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "tls": {
+ "properties": {
+ "cipher": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "client": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "server_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "supported_ciphers": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "established": {
+ "type": "boolean"
+ },
+ "next_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resumed": {
+ "type": "boolean"
+ },
+ "server": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3s": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "tracing": {
+ "properties": {
+ "trace": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "transaction": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "transaction": {
+ "dynamic": "false",
+ "properties": {
+ "breakdown": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "histogram": {
+ "type": "histogram"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "marks": {
+ "dynamic": "true",
+ "properties": {
+ "*": {
+ "properties": {
+ "*": {
+ "dynamic": "true",
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "result": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "root": {
+ "type": "boolean"
+ },
+ "sampled": {
+ "type": "boolean"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "span_count": {
+ "properties": {
+ "dropped": {
+ "type": "long"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "url": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "fragment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "password": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "port": {
+ "type": "long"
+ },
+ "query": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scheme": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "username": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user_agent": {
+ "dynamic": "false",
+ "properties": {
+ "device": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "view spans": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vulnerability": {
+ "properties": {
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "classification": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "enumeration": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "report_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scanner": {
+ "properties": {
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "score": {
+ "properties": {
+ "base": {
+ "type": "float"
+ },
+ "environmental": {
+ "type": "float"
+ },
+ "temporal": {
+ "type": "float"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "severity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "codec": "best_compression",
+ "mapping": {
+ "total_fields": {
+ "limit": "2000"
+ }
+ },
+ "number_of_replicas": "0",
+ "number_of_shards": "1",
+ "query": {
+ "default_field": [
+ "message",
+ "tags",
+ "agent.ephemeral_id",
+ "agent.id",
+ "agent.name",
+ "agent.type",
+ "agent.version",
+ "as.organization.name",
+ "client.address",
+ "client.as.organization.name",
+ "client.domain",
+ "client.geo.city_name",
+ "client.geo.continent_name",
+ "client.geo.country_iso_code",
+ "client.geo.country_name",
+ "client.geo.name",
+ "client.geo.region_iso_code",
+ "client.geo.region_name",
+ "client.mac",
+ "client.registered_domain",
+ "client.top_level_domain",
+ "client.user.domain",
+ "client.user.email",
+ "client.user.full_name",
+ "client.user.group.domain",
+ "client.user.group.id",
+ "client.user.group.name",
+ "client.user.hash",
+ "client.user.id",
+ "client.user.name",
+ "cloud.account.id",
+ "cloud.availability_zone",
+ "cloud.instance.id",
+ "cloud.instance.name",
+ "cloud.machine.type",
+ "cloud.provider",
+ "cloud.region",
+ "container.id",
+ "container.image.name",
+ "container.image.tag",
+ "container.name",
+ "container.runtime",
+ "destination.address",
+ "destination.as.organization.name",
+ "destination.domain",
+ "destination.geo.city_name",
+ "destination.geo.continent_name",
+ "destination.geo.country_iso_code",
+ "destination.geo.country_name",
+ "destination.geo.name",
+ "destination.geo.region_iso_code",
+ "destination.geo.region_name",
+ "destination.mac",
+ "destination.registered_domain",
+ "destination.top_level_domain",
+ "destination.user.domain",
+ "destination.user.email",
+ "destination.user.full_name",
+ "destination.user.group.domain",
+ "destination.user.group.id",
+ "destination.user.group.name",
+ "destination.user.hash",
+ "destination.user.id",
+ "destination.user.name",
+ "dns.answers.class",
+ "dns.answers.data",
+ "dns.answers.name",
+ "dns.answers.type",
+ "dns.header_flags",
+ "dns.id",
+ "dns.op_code",
+ "dns.question.class",
+ "dns.question.name",
+ "dns.question.registered_domain",
+ "dns.question.subdomain",
+ "dns.question.top_level_domain",
+ "dns.question.type",
+ "dns.response_code",
+ "dns.type",
+ "ecs.version",
+ "error.code",
+ "error.id",
+ "error.message",
+ "error.stack_trace",
+ "error.type",
+ "event.action",
+ "event.category",
+ "event.code",
+ "event.dataset",
+ "event.hash",
+ "event.id",
+ "event.kind",
+ "event.module",
+ "event.original",
+ "event.outcome",
+ "event.provider",
+ "event.timezone",
+ "event.type",
+ "file.device",
+ "file.directory",
+ "file.extension",
+ "file.gid",
+ "file.group",
+ "file.hash.md5",
+ "file.hash.sha1",
+ "file.hash.sha256",
+ "file.hash.sha512",
+ "file.inode",
+ "file.mode",
+ "file.name",
+ "file.owner",
+ "file.path",
+ "file.target_path",
+ "file.type",
+ "file.uid",
+ "geo.city_name",
+ "geo.continent_name",
+ "geo.country_iso_code",
+ "geo.country_name",
+ "geo.name",
+ "geo.region_iso_code",
+ "geo.region_name",
+ "group.domain",
+ "group.id",
+ "group.name",
+ "hash.md5",
+ "hash.sha1",
+ "hash.sha256",
+ "hash.sha512",
+ "host.architecture",
+ "host.geo.city_name",
+ "host.geo.continent_name",
+ "host.geo.country_iso_code",
+ "host.geo.country_name",
+ "host.geo.name",
+ "host.geo.region_iso_code",
+ "host.geo.region_name",
+ "host.hostname",
+ "host.id",
+ "host.mac",
+ "host.name",
+ "host.os.family",
+ "host.os.full",
+ "host.os.kernel",
+ "host.os.name",
+ "host.os.platform",
+ "host.os.version",
+ "host.type",
+ "host.user.domain",
+ "host.user.email",
+ "host.user.full_name",
+ "host.user.group.domain",
+ "host.user.group.id",
+ "host.user.group.name",
+ "host.user.hash",
+ "host.user.id",
+ "host.user.name",
+ "http.request.body.content",
+ "http.request.method",
+ "http.request.referrer",
+ "http.response.body.content",
+ "http.version",
+ "log.level",
+ "log.logger",
+ "log.origin.file.name",
+ "log.origin.function",
+ "log.original",
+ "log.syslog.facility.name",
+ "log.syslog.severity.name",
+ "network.application",
+ "network.community_id",
+ "network.direction",
+ "network.iana_number",
+ "network.name",
+ "network.protocol",
+ "network.transport",
+ "network.type",
+ "observer.geo.city_name",
+ "observer.geo.continent_name",
+ "observer.geo.country_iso_code",
+ "observer.geo.country_name",
+ "observer.geo.name",
+ "observer.geo.region_iso_code",
+ "observer.geo.region_name",
+ "observer.hostname",
+ "observer.mac",
+ "observer.name",
+ "observer.os.family",
+ "observer.os.full",
+ "observer.os.kernel",
+ "observer.os.name",
+ "observer.os.platform",
+ "observer.os.version",
+ "observer.product",
+ "observer.serial_number",
+ "observer.type",
+ "observer.vendor",
+ "observer.version",
+ "organization.id",
+ "organization.name",
+ "os.family",
+ "os.full",
+ "os.kernel",
+ "os.name",
+ "os.platform",
+ "os.version",
+ "package.architecture",
+ "package.checksum",
+ "package.description",
+ "package.install_scope",
+ "package.license",
+ "package.name",
+ "package.path",
+ "package.version",
+ "process.args",
+ "text",
+ "process.executable",
+ "process.hash.md5",
+ "process.hash.sha1",
+ "process.hash.sha256",
+ "process.hash.sha512",
+ "process.name",
+ "text",
+ "text",
+ "text",
+ "text",
+ "text",
+ "process.thread.name",
+ "process.title",
+ "process.working_directory",
+ "server.address",
+ "server.as.organization.name",
+ "server.domain",
+ "server.geo.city_name",
+ "server.geo.continent_name",
+ "server.geo.country_iso_code",
+ "server.geo.country_name",
+ "server.geo.name",
+ "server.geo.region_iso_code",
+ "server.geo.region_name",
+ "server.mac",
+ "server.registered_domain",
+ "server.top_level_domain",
+ "server.user.domain",
+ "server.user.email",
+ "server.user.full_name",
+ "server.user.group.domain",
+ "server.user.group.id",
+ "server.user.group.name",
+ "server.user.hash",
+ "server.user.id",
+ "server.user.name",
+ "service.ephemeral_id",
+ "service.id",
+ "service.name",
+ "service.node.name",
+ "service.state",
+ "service.type",
+ "service.version",
+ "source.address",
+ "source.as.organization.name",
+ "source.domain",
+ "source.geo.city_name",
+ "source.geo.continent_name",
+ "source.geo.country_iso_code",
+ "source.geo.country_name",
+ "source.geo.name",
+ "source.geo.region_iso_code",
+ "source.geo.region_name",
+ "source.mac",
+ "source.registered_domain",
+ "source.top_level_domain",
+ "source.user.domain",
+ "source.user.email",
+ "source.user.full_name",
+ "source.user.group.domain",
+ "source.user.group.id",
+ "source.user.group.name",
+ "source.user.hash",
+ "source.user.id",
+ "source.user.name",
+ "threat.framework",
+ "threat.tactic.id",
+ "threat.tactic.name",
+ "threat.tactic.reference",
+ "threat.technique.id",
+ "threat.technique.name",
+ "threat.technique.reference",
+ "tracing.trace.id",
+ "tracing.transaction.id",
+ "url.domain",
+ "url.extension",
+ "url.fragment",
+ "url.full",
+ "url.original",
+ "url.password",
+ "url.path",
+ "url.query",
+ "url.registered_domain",
+ "url.scheme",
+ "url.top_level_domain",
+ "url.username",
+ "user.domain",
+ "user.email",
+ "user.full_name",
+ "user.group.domain",
+ "user.group.id",
+ "user.group.name",
+ "user.hash",
+ "user.id",
+ "user.name",
+ "user_agent.device.name",
+ "user_agent.name",
+ "text",
+ "user_agent.original",
+ "user_agent.os.family",
+ "user_agent.os.full",
+ "user_agent.os.kernel",
+ "user_agent.os.name",
+ "user_agent.os.platform",
+ "user_agent.os.version",
+ "user_agent.version",
+ "text",
+ "timeseries.instance",
+ "cloud.project.id",
+ "cloud.image.id",
+ "host.os.build",
+ "host.os.codename",
+ "kubernetes.pod.name",
+ "kubernetes.pod.uid",
+ "kubernetes.namespace",
+ "kubernetes.node.name",
+ "kubernetes.replicaset.name",
+ "kubernetes.deployment.name",
+ "kubernetes.statefulset.name",
+ "kubernetes.container.name",
+ "kubernetes.container.image",
+ "processor.name",
+ "processor.event",
+ "url.scheme",
+ "url.full",
+ "url.domain",
+ "url.path",
+ "url.query",
+ "url.fragment",
+ "http.version",
+ "http.request.method",
+ "http.request.referrer",
+ "service.name",
+ "service.version",
+ "service.environment",
+ "service.node.name",
+ "service.language.name",
+ "service.language.version",
+ "service.runtime.name",
+ "service.runtime.version",
+ "service.framework.name",
+ "service.framework.version",
+ "transaction.id",
+ "transaction.type",
+ "text",
+ "transaction.name",
+ "span.type",
+ "span.subtype",
+ "trace.id",
+ "parent.id",
+ "agent.name",
+ "agent.version",
+ "agent.ephemeral_id",
+ "container.id",
+ "kubernetes.namespace",
+ "kubernetes.node.name",
+ "kubernetes.pod.name",
+ "kubernetes.pod.uid",
+ "host.architecture",
+ "host.hostname",
+ "host.name",
+ "host.os.platform",
+ "process.args",
+ "process.title",
+ "observer.listening",
+ "observer.hostname",
+ "observer.version",
+ "observer.type",
+ "user.name",
+ "user.id",
+ "user.email",
+ "destination.address",
+ "text",
+ "user_agent.original",
+ "user_agent.name",
+ "user_agent.version",
+ "user_agent.device.name",
+ "user_agent.os.platform",
+ "user_agent.os.name",
+ "user_agent.os.full",
+ "user_agent.os.family",
+ "user_agent.os.version",
+ "user_agent.os.kernel",
+ "cloud.account.id",
+ "cloud.account.name",
+ "cloud.availability_zone",
+ "cloud.instance.id",
+ "cloud.instance.name",
+ "cloud.machine.type",
+ "cloud.project.id",
+ "cloud.project.name",
+ "cloud.provider",
+ "cloud.region",
+ "error.id",
+ "error.culprit",
+ "error.grouping_key",
+ "error.exception.code",
+ "error.exception.message",
+ "error.exception.module",
+ "error.exception.type",
+ "error.log.level",
+ "error.log.logger_name",
+ "error.log.message",
+ "error.log.param_message",
+ "profile.top.id",
+ "profile.top.function",
+ "profile.top.filename",
+ "profile.stack.id",
+ "profile.stack.function",
+ "profile.stack.filename",
+ "sourcemap.service.name",
+ "sourcemap.service.version",
+ "sourcemap.bundle_filepath",
+ "view spans",
+ "child.id",
+ "span.id",
+ "span.name",
+ "span.action",
+ "span.db.link",
+ "span.destination.service.type",
+ "span.destination.service.name",
+ "span.destination.service.resource",
+ "span.message.queue.name",
+ "transaction.result",
+ "transaction.message.queue.name",
+ "fields.*"
+ ]
+ },
+ "refresh_interval": "1ms"
+ }
+ }
+ }
+}
+
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ "apm-8.0.0-profile": {
+ "is_write_index": true
+ }
+ },
+ "index": "apm-8.0.0-profile-000001",
+ "mappings": {
+ "_meta": {
+ "beat": "apm",
+ "version": "8.0.0"
+ },
+ "date_detection": false,
+ "dynamic_templates": [
+ {
+ "labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "container.labels.*"
+ }
+ },
+ {
+ "dns.answers": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "dns.answers.*"
+ }
+ },
+ {
+ "log.syslog": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "log.syslog.*"
+ }
+ },
+ {
+ "network.inner": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "network.inner.*"
+ }
+ },
+ {
+ "observer.egress": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "observer.egress.*"
+ }
+ },
+ {
+ "observer.ingress": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "observer.ingress.*"
+ }
+ },
+ {
+ "fields": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "fields.*"
+ }
+ },
+ {
+ "docker.container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "docker.container.labels.*"
+ }
+ },
+ {
+ "kubernetes.labels.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.labels.*"
+ }
+ },
+ {
+ "kubernetes.annotations.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.annotations.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "transaction.marks": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "transaction.marks.*"
+ }
+ },
+ {
+ "transaction.marks.*.*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "transaction.marks.*.*"
+ }
+ },
+ {
+ "strings_as_keyword": {
+ "mapping": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "match_mapping_type": "string"
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "agent": {
+ "dynamic": "false",
+ "properties": {
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hostname": {
+ "path": "agent.name",
+ "type": "alias"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "child": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "client": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cloud": {
+ "properties": {
+ "account": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "availability_zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "instance": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "machine": {
+ "dynamic": "false",
+ "properties": {
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "project": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "container": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tag": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "type": "object"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "runtime": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "destination": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dll": {
+ "properties": {
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dns": {
+ "properties": {
+ "answers": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "data": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ttl": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "header_flags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "op_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "question": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subdomain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "resolved_ip": {
+ "type": "ip"
+ },
+ "response_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "docker": {
+ "properties": {
+ "container": {
+ "properties": {
+ "labels": {
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "ecs": {
+ "properties": {
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "error": {
+ "dynamic": "false",
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "culprit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exception": {
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "handled": {
+ "type": "boolean"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "grouping_key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "param_message": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "stack_trace": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "event": {
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "created": {
+ "type": "date"
+ },
+ "dataset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "duration": {
+ "type": "long"
+ },
+ "end": {
+ "type": "date"
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingested": {
+ "type": "date"
+ },
+ "kind": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "outcome": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "risk_score": {
+ "type": "float"
+ },
+ "risk_score_norm": {
+ "type": "float"
+ },
+ "sequence": {
+ "type": "long"
+ },
+ "severity": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "timezone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "url": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "experimental": {
+ "dynamic": "true",
+ "type": "object"
+ },
+ "fields": {
+ "type": "object"
+ },
+ "file": {
+ "properties": {
+ "accessed": {
+ "type": "date"
+ },
+ "attributes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "created": {
+ "type": "date"
+ },
+ "ctime": {
+ "type": "date"
+ },
+ "device": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "directory": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "drive_letter": {
+ "ignore_above": 1,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "gid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "inode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mime_type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mtime": {
+ "type": "date"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "owner": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ },
+ "target_path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "host": {
+ "dynamic": "false",
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "containerized": {
+ "type": "boolean"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "build": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "codename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "http": {
+ "dynamic": "false",
+ "properties": {
+ "request": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "method": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "referrer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "response": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "finished": {
+ "type": "boolean"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "status_code": {
+ "type": "long"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "kubernetes": {
+ "dynamic": "false",
+ "properties": {
+ "annotations": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "container": {
+ "properties": {
+ "image": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "deployment": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "namespace": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pod": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "replicaset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "statefulset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "labels": {
+ "dynamic": "true",
+ "type": "object"
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "origin": {
+ "properties": {
+ "file": {
+ "properties": {
+ "line": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "syslog": {
+ "properties": {
+ "facility": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "priority": {
+ "type": "long"
+ },
+ "severity": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "network": {
+ "properties": {
+ "application": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "community_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "direction": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "forwarded_ip": {
+ "type": "ip"
+ },
+ "iana_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inner": {
+ "properties": {
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "packets": {
+ "type": "long"
+ },
+ "protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "transport": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "observer": {
+ "dynamic": "false",
+ "properties": {
+ "egress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "listening": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_major": {
+ "type": "byte"
+ }
+ }
+ },
+ "organization": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "package": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "build_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "checksum": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "install_scope": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "installed": {
+ "type": "date"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "size": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "parent": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "process": {
+ "dynamic": "false",
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "parent": {
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "processor": {
+ "properties": {
+ "event": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "profile": {
+ "dynamic": "false",
+ "properties": {
+ "alloc_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "alloc_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "ns": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "type": "long"
+ },
+ "inuse_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "inuse_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "samples": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "stack": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ },
+ "top": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "registry": {
+ "properties": {
+ "data": {
+ "properties": {
+ "bytes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "strings": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hive": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "value": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "related": {
+ "properties": {
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "user": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "rule": {
+ "properties": {
+ "author": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ruleset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uuid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "server": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "environment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "framework": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "language": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "runtime": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "state": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "source": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "sourcemap": {
+ "dynamic": "false",
+ "properties": {
+ "bundle_filepath": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "service": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "span": {
+ "dynamic": "false",
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "db": {
+ "dynamic": "false",
+ "properties": {
+ "link": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "rows_affected": {
+ "type": "long"
+ }
+ }
+ },
+ "destination": {
+ "dynamic": "false",
+ "properties": {
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resource": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "start": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "subtype": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sync": {
+ "type": "boolean"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "system": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "actual": {
+ "properties": {
+ "free": {
+ "type": "long"
+ }
+ }
+ },
+ "total": {
+ "type": "long"
+ }
+ }
+ },
+ "process": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "rss": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "tags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "threat": {
+ "properties": {
+ "framework": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tactic": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "technique": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "timeseries": {
+ "properties": {
+ "instance": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "timestamp": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "tls": {
+ "properties": {
+ "cipher": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "client": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "server_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "supported_ciphers": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "established": {
+ "type": "boolean"
+ },
+ "next_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resumed": {
+ "type": "boolean"
+ },
+ "server": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3s": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "tracing": {
+ "properties": {
+ "trace": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "transaction": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "transaction": {
+ "dynamic": "false",
+ "properties": {
+ "breakdown": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "histogram": {
+ "type": "histogram"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "marks": {
+ "dynamic": "true",
+ "properties": {
+ "*": {
+ "properties": {
+ "*": {
+ "dynamic": "true",
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "result": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "root": {
+ "type": "boolean"
+ },
+ "sampled": {
+ "type": "boolean"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "span_count": {
+ "properties": {
+ "dropped": {
+ "type": "long"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "url": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "fragment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "password": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "port": {
+ "type": "long"
+ },
+ "query": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scheme": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "username": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user_agent": {
+ "dynamic": "false",
+ "properties": {
+ "device": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "view spans": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vulnerability": {
+ "properties": {
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "classification": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "enumeration": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "report_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scanner": {
+ "properties": {
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "score": {
+ "properties": {
+ "base": {
+ "type": "float"
+ },
+ "environmental": {
+ "type": "float"
+ },
+ "temporal": {
+ "type": "float"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "severity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "codec": "best_compression",
+ "lifecycle": {
+ "name": "apm-rollover-30-days",
+ "rollover_alias": "apm-8.0.0-profile"
+ },
+ "mapping": {
+ "total_fields": {
+ "limit": "2000"
+ }
+ },
+ "number_of_replicas": "0",
+ "number_of_shards": "1",
+ "priority": "100",
+ "query": {
+ "default_field": [
+ "message",
+ "tags",
+ "agent.ephemeral_id",
+ "agent.id",
+ "agent.name",
+ "agent.type",
+ "agent.version",
+ "as.organization.name",
+ "client.address",
+ "client.as.organization.name",
+ "client.domain",
+ "client.geo.city_name",
+ "client.geo.continent_name",
+ "client.geo.country_iso_code",
+ "client.geo.country_name",
+ "client.geo.name",
+ "client.geo.region_iso_code",
+ "client.geo.region_name",
+ "client.mac",
+ "client.registered_domain",
+ "client.top_level_domain",
+ "client.user.domain",
+ "client.user.email",
+ "client.user.full_name",
+ "client.user.group.domain",
+ "client.user.group.id",
+ "client.user.group.name",
+ "client.user.hash",
+ "client.user.id",
+ "client.user.name",
+ "cloud.account.id",
+ "cloud.availability_zone",
+ "cloud.instance.id",
+ "cloud.instance.name",
+ "cloud.machine.type",
+ "cloud.provider",
+ "cloud.region",
+ "container.id",
+ "container.image.name",
+ "container.image.tag",
+ "container.name",
+ "container.runtime",
+ "destination.address",
+ "destination.as.organization.name",
+ "destination.domain",
+ "destination.geo.city_name",
+ "destination.geo.continent_name",
+ "destination.geo.country_iso_code",
+ "destination.geo.country_name",
+ "destination.geo.name",
+ "destination.geo.region_iso_code",
+ "destination.geo.region_name",
+ "destination.mac",
+ "destination.registered_domain",
+ "destination.top_level_domain",
+ "destination.user.domain",
+ "destination.user.email",
+ "destination.user.full_name",
+ "destination.user.group.domain",
+ "destination.user.group.id",
+ "destination.user.group.name",
+ "destination.user.hash",
+ "destination.user.id",
+ "destination.user.name",
+ "dns.answers.class",
+ "dns.answers.data",
+ "dns.answers.name",
+ "dns.answers.type",
+ "dns.header_flags",
+ "dns.id",
+ "dns.op_code",
+ "dns.question.class",
+ "dns.question.name",
+ "dns.question.registered_domain",
+ "dns.question.subdomain",
+ "dns.question.top_level_domain",
+ "dns.question.type",
+ "dns.response_code",
+ "dns.type",
+ "ecs.version",
+ "error.code",
+ "error.id",
+ "error.message",
+ "error.stack_trace",
+ "error.type",
+ "event.action",
+ "event.category",
+ "event.code",
+ "event.dataset",
+ "event.hash",
+ "event.id",
+ "event.kind",
+ "event.module",
+ "event.original",
+ "event.outcome",
+ "event.provider",
+ "event.timezone",
+ "event.type",
+ "file.device",
+ "file.directory",
+ "file.extension",
+ "file.gid",
+ "file.group",
+ "file.hash.md5",
+ "file.hash.sha1",
+ "file.hash.sha256",
+ "file.hash.sha512",
+ "file.inode",
+ "file.mode",
+ "file.name",
+ "file.owner",
+ "file.path",
+ "file.target_path",
+ "file.type",
+ "file.uid",
+ "geo.city_name",
+ "geo.continent_name",
+ "geo.country_iso_code",
+ "geo.country_name",
+ "geo.name",
+ "geo.region_iso_code",
+ "geo.region_name",
+ "group.domain",
+ "group.id",
+ "group.name",
+ "hash.md5",
+ "hash.sha1",
+ "hash.sha256",
+ "hash.sha512",
+ "host.architecture",
+ "host.geo.city_name",
+ "host.geo.continent_name",
+ "host.geo.country_iso_code",
+ "host.geo.country_name",
+ "host.geo.name",
+ "host.geo.region_iso_code",
+ "host.geo.region_name",
+ "host.hostname",
+ "host.id",
+ "host.mac",
+ "host.name",
+ "host.os.family",
+ "host.os.full",
+ "host.os.kernel",
+ "host.os.name",
+ "host.os.platform",
+ "host.os.version",
+ "host.type",
+ "host.user.domain",
+ "host.user.email",
+ "host.user.full_name",
+ "host.user.group.domain",
+ "host.user.group.id",
+ "host.user.group.name",
+ "host.user.hash",
+ "host.user.id",
+ "host.user.name",
+ "http.request.body.content",
+ "http.request.method",
+ "http.request.referrer",
+ "http.response.body.content",
+ "http.version",
+ "log.level",
+ "log.logger",
+ "log.origin.file.name",
+ "log.origin.function",
+ "log.original",
+ "log.syslog.facility.name",
+ "log.syslog.severity.name",
+ "network.application",
+ "network.community_id",
+ "network.direction",
+ "network.iana_number",
+ "network.name",
+ "network.protocol",
+ "network.transport",
+ "network.type",
+ "observer.geo.city_name",
+ "observer.geo.continent_name",
+ "observer.geo.country_iso_code",
+ "observer.geo.country_name",
+ "observer.geo.name",
+ "observer.geo.region_iso_code",
+ "observer.geo.region_name",
+ "observer.hostname",
+ "observer.mac",
+ "observer.name",
+ "observer.os.family",
+ "observer.os.full",
+ "observer.os.kernel",
+ "observer.os.name",
+ "observer.os.platform",
+ "observer.os.version",
+ "observer.product",
+ "observer.serial_number",
+ "observer.type",
+ "observer.vendor",
+ "observer.version",
+ "organization.id",
+ "organization.name",
+ "os.family",
+ "os.full",
+ "os.kernel",
+ "os.name",
+ "os.platform",
+ "os.version",
+ "package.architecture",
+ "package.checksum",
+ "package.description",
+ "package.install_scope",
+ "package.license",
+ "package.name",
+ "package.path",
+ "package.version",
+ "process.args",
+ "text",
+ "process.executable",
+ "process.hash.md5",
+ "process.hash.sha1",
+ "process.hash.sha256",
+ "process.hash.sha512",
+ "process.name",
+ "text",
+ "text",
+ "text",
+ "text",
+ "text",
+ "process.thread.name",
+ "process.title",
+ "process.working_directory",
+ "server.address",
+ "server.as.organization.name",
+ "server.domain",
+ "server.geo.city_name",
+ "server.geo.continent_name",
+ "server.geo.country_iso_code",
+ "server.geo.country_name",
+ "server.geo.name",
+ "server.geo.region_iso_code",
+ "server.geo.region_name",
+ "server.mac",
+ "server.registered_domain",
+ "server.top_level_domain",
+ "server.user.domain",
+ "server.user.email",
+ "server.user.full_name",
+ "server.user.group.domain",
+ "server.user.group.id",
+ "server.user.group.name",
+ "server.user.hash",
+ "server.user.id",
+ "server.user.name",
+ "service.ephemeral_id",
+ "service.id",
+ "service.name",
+ "service.node.name",
+ "service.state",
+ "service.type",
+ "service.version",
+ "source.address",
+ "source.as.organization.name",
+ "source.domain",
+ "source.geo.city_name",
+ "source.geo.continent_name",
+ "source.geo.country_iso_code",
+ "source.geo.country_name",
+ "source.geo.name",
+ "source.geo.region_iso_code",
+ "source.geo.region_name",
+ "source.mac",
+ "source.registered_domain",
+ "source.top_level_domain",
+ "source.user.domain",
+ "source.user.email",
+ "source.user.full_name",
+ "source.user.group.domain",
+ "source.user.group.id",
+ "source.user.group.name",
+ "source.user.hash",
+ "source.user.id",
+ "source.user.name",
+ "threat.framework",
+ "threat.tactic.id",
+ "threat.tactic.name",
+ "threat.tactic.reference",
+ "threat.technique.id",
+ "threat.technique.name",
+ "threat.technique.reference",
+ "tracing.trace.id",
+ "tracing.transaction.id",
+ "url.domain",
+ "url.extension",
+ "url.fragment",
+ "url.full",
+ "url.original",
+ "url.password",
+ "url.path",
+ "url.query",
+ "url.registered_domain",
+ "url.scheme",
+ "url.top_level_domain",
+ "url.username",
+ "user.domain",
+ "user.email",
+ "user.full_name",
+ "user.group.domain",
+ "user.group.id",
+ "user.group.name",
+ "user.hash",
+ "user.id",
+ "user.name",
+ "user_agent.device.name",
+ "user_agent.name",
+ "text",
+ "user_agent.original",
+ "user_agent.os.family",
+ "user_agent.os.full",
+ "user_agent.os.kernel",
+ "user_agent.os.name",
+ "user_agent.os.platform",
+ "user_agent.os.version",
+ "user_agent.version",
+ "text",
+ "timeseries.instance",
+ "cloud.project.id",
+ "cloud.image.id",
+ "host.os.build",
+ "host.os.codename",
+ "kubernetes.pod.name",
+ "kubernetes.pod.uid",
+ "kubernetes.namespace",
+ "kubernetes.node.name",
+ "kubernetes.replicaset.name",
+ "kubernetes.deployment.name",
+ "kubernetes.statefulset.name",
+ "kubernetes.container.name",
+ "kubernetes.container.image",
+ "processor.name",
+ "processor.event",
+ "url.scheme",
+ "url.full",
+ "url.domain",
+ "url.path",
+ "url.query",
+ "url.fragment",
+ "http.version",
+ "http.request.method",
+ "http.request.referrer",
+ "service.name",
+ "service.version",
+ "service.environment",
+ "service.node.name",
+ "service.language.name",
+ "service.language.version",
+ "service.runtime.name",
+ "service.runtime.version",
+ "service.framework.name",
+ "service.framework.version",
+ "transaction.id",
+ "transaction.type",
+ "text",
+ "transaction.name",
+ "span.type",
+ "span.subtype",
+ "trace.id",
+ "parent.id",
+ "agent.name",
+ "agent.version",
+ "agent.ephemeral_id",
+ "container.id",
+ "kubernetes.namespace",
+ "kubernetes.node.name",
+ "kubernetes.pod.name",
+ "kubernetes.pod.uid",
+ "host.architecture",
+ "host.hostname",
+ "host.name",
+ "host.os.platform",
+ "process.args",
+ "process.title",
+ "observer.listening",
+ "observer.hostname",
+ "observer.version",
+ "observer.type",
+ "user.name",
+ "user.id",
+ "user.email",
+ "destination.address",
+ "text",
+ "user_agent.original",
+ "user_agent.name",
+ "user_agent.version",
+ "user_agent.device.name",
+ "user_agent.os.platform",
+ "user_agent.os.name",
+ "user_agent.os.full",
+ "user_agent.os.family",
+ "user_agent.os.version",
+ "user_agent.os.kernel",
+ "cloud.account.id",
+ "cloud.account.name",
+ "cloud.availability_zone",
+ "cloud.instance.id",
+ "cloud.instance.name",
+ "cloud.machine.type",
+ "cloud.project.id",
+ "cloud.project.name",
+ "cloud.provider",
+ "cloud.region",
+ "error.id",
+ "error.culprit",
+ "error.grouping_key",
+ "error.exception.code",
+ "error.exception.message",
+ "error.exception.module",
+ "error.exception.type",
+ "error.log.level",
+ "error.log.logger_name",
+ "error.log.message",
+ "error.log.param_message",
+ "profile.top.id",
+ "profile.top.function",
+ "profile.top.filename",
+ "profile.stack.id",
+ "profile.stack.function",
+ "profile.stack.filename",
+ "sourcemap.service.name",
+ "sourcemap.service.version",
+ "sourcemap.bundle_filepath",
+ "view spans",
+ "child.id",
+ "span.id",
+ "span.name",
+ "span.action",
+ "span.db.link",
+ "span.destination.service.type",
+ "span.destination.service.name",
+ "span.destination.service.resource",
+ "span.message.queue.name",
+ "transaction.result",
+ "transaction.message.queue.name",
+ "fields.*"
+ ]
+ },
+ "refresh_interval": "1ms"
+ }
+ }
+ }
+}
+
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ "apm-8.0.0-span": {
+ "is_write_index": true
+ }
+ },
+ "index": "apm-8.0.0-span-000001",
+ "mappings": {
+ "_meta": {
+ "beat": "apm",
+ "version": "8.0.0"
+ },
+ "date_detection": false,
+ "dynamic_templates": [
+ {
+ "labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "container.labels.*"
+ }
+ },
+ {
+ "dns.answers": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "dns.answers.*"
+ }
+ },
+ {
+ "log.syslog": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "log.syslog.*"
+ }
+ },
+ {
+ "network.inner": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "network.inner.*"
+ }
+ },
+ {
+ "observer.egress": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "observer.egress.*"
+ }
+ },
+ {
+ "observer.ingress": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "observer.ingress.*"
+ }
+ },
+ {
+ "fields": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "fields.*"
+ }
+ },
+ {
+ "docker.container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "docker.container.labels.*"
+ }
+ },
+ {
+ "kubernetes.labels.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.labels.*"
+ }
+ },
+ {
+ "kubernetes.annotations.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.annotations.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "transaction.marks": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "transaction.marks.*"
+ }
+ },
+ {
+ "transaction.marks.*.*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "transaction.marks.*.*"
+ }
+ },
+ {
+ "strings_as_keyword": {
+ "mapping": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "match_mapping_type": "string"
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "agent": {
+ "dynamic": "false",
+ "properties": {
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hostname": {
+ "path": "agent.name",
+ "type": "alias"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "child": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "client": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cloud": {
+ "properties": {
+ "account": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "availability_zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "instance": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "machine": {
+ "dynamic": "false",
+ "properties": {
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "project": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "container": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tag": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "type": "object"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "runtime": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "destination": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dll": {
+ "properties": {
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dns": {
+ "properties": {
+ "answers": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "data": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ttl": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "header_flags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "op_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "question": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subdomain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "resolved_ip": {
+ "type": "ip"
+ },
+ "response_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "docker": {
+ "properties": {
+ "container": {
+ "properties": {
+ "labels": {
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "ecs": {
+ "properties": {
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "error": {
+ "dynamic": "false",
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "culprit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exception": {
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "handled": {
+ "type": "boolean"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "grouping_key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "param_message": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "stack_trace": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "event": {
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "created": {
+ "type": "date"
+ },
+ "dataset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "duration": {
+ "type": "long"
+ },
+ "end": {
+ "type": "date"
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingested": {
+ "type": "date"
+ },
+ "kind": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "outcome": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "risk_score": {
+ "type": "float"
+ },
+ "risk_score_norm": {
+ "type": "float"
+ },
+ "sequence": {
+ "type": "long"
+ },
+ "severity": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "timezone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "url": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "experimental": {
+ "dynamic": "true",
+ "type": "object"
+ },
+ "fields": {
+ "type": "object"
+ },
+ "file": {
+ "properties": {
+ "accessed": {
+ "type": "date"
+ },
+ "attributes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "created": {
+ "type": "date"
+ },
+ "ctime": {
+ "type": "date"
+ },
+ "device": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "directory": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "drive_letter": {
+ "ignore_above": 1,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "gid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "inode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mime_type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mtime": {
+ "type": "date"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "owner": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ },
+ "target_path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "host": {
+ "dynamic": "false",
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "containerized": {
+ "type": "boolean"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "build": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "codename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "http": {
+ "dynamic": "false",
+ "properties": {
+ "request": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "method": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "referrer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "response": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "finished": {
+ "type": "boolean"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "status_code": {
+ "type": "long"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "kubernetes": {
+ "dynamic": "false",
+ "properties": {
+ "annotations": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "container": {
+ "properties": {
+ "image": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "deployment": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "namespace": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pod": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "replicaset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "statefulset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "labels": {
+ "dynamic": "true",
+ "properties": {
+ "foo": {
+ "type": "keyword"
+ },
+ "productId": {
+ "type": "keyword"
+ }
+ }
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "origin": {
+ "properties": {
+ "file": {
+ "properties": {
+ "line": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "syslog": {
+ "properties": {
+ "facility": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "priority": {
+ "type": "long"
+ },
+ "severity": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "network": {
+ "properties": {
+ "application": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "community_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "direction": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "forwarded_ip": {
+ "type": "ip"
+ },
+ "iana_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inner": {
+ "properties": {
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "packets": {
+ "type": "long"
+ },
+ "protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "transport": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "observer": {
+ "dynamic": "false",
+ "properties": {
+ "egress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "listening": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_major": {
+ "type": "byte"
+ }
+ }
+ },
+ "organization": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "package": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "build_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "checksum": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "install_scope": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "installed": {
+ "type": "date"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "size": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "parent": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "process": {
+ "dynamic": "false",
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "parent": {
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "processor": {
+ "properties": {
+ "event": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "profile": {
+ "dynamic": "false",
+ "properties": {
+ "alloc_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "alloc_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "ns": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "type": "long"
+ },
+ "inuse_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "inuse_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "samples": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "stack": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ },
+ "top": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "registry": {
+ "properties": {
+ "data": {
+ "properties": {
+ "bytes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "strings": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hive": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "value": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "related": {
+ "properties": {
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "user": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "rule": {
+ "properties": {
+ "author": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ruleset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uuid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "server": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "environment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "framework": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "language": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "runtime": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "state": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "source": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "sourcemap": {
+ "dynamic": "false",
+ "properties": {
+ "bundle_filepath": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "service": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "span": {
+ "dynamic": "false",
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "db": {
+ "dynamic": "false",
+ "properties": {
+ "link": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "rows_affected": {
+ "type": "long"
+ }
+ }
+ },
+ "destination": {
+ "dynamic": "false",
+ "properties": {
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resource": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "start": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "subtype": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sync": {
+ "type": "boolean"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "system": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "actual": {
+ "properties": {
+ "free": {
+ "type": "long"
+ }
+ }
+ },
+ "total": {
+ "type": "long"
+ }
+ }
+ },
+ "process": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "rss": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "tags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "threat": {
+ "properties": {
+ "framework": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tactic": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "technique": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "timeseries": {
+ "properties": {
+ "instance": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "timestamp": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "tls": {
+ "properties": {
+ "cipher": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "client": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "server_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "supported_ciphers": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "established": {
+ "type": "boolean"
+ },
+ "next_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resumed": {
+ "type": "boolean"
+ },
+ "server": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3s": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "tracing": {
+ "properties": {
+ "trace": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "transaction": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "transaction": {
+ "dynamic": "false",
+ "properties": {
+ "breakdown": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "histogram": {
+ "type": "histogram"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "marks": {
+ "dynamic": "true",
+ "properties": {
+ "*": {
+ "properties": {
+ "*": {
+ "dynamic": "true",
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "result": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "root": {
+ "type": "boolean"
+ },
+ "sampled": {
+ "type": "boolean"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "span_count": {
+ "properties": {
+ "dropped": {
+ "type": "long"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "url": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "fragment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "password": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "port": {
+ "type": "long"
+ },
+ "query": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scheme": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "username": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user_agent": {
+ "dynamic": "false",
+ "properties": {
+ "device": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "view spans": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vulnerability": {
+ "properties": {
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "classification": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "enumeration": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "report_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scanner": {
+ "properties": {
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "score": {
+ "properties": {
+ "base": {
+ "type": "float"
+ },
+ "environmental": {
+ "type": "float"
+ },
+ "temporal": {
+ "type": "float"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "severity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "codec": "best_compression",
+ "lifecycle": {
+ "name": "apm-rollover-30-days",
+ "rollover_alias": "apm-8.0.0-span"
+ },
+ "mapping": {
+ "total_fields": {
+ "limit": "2000"
+ }
+ },
+ "number_of_replicas": "0",
+ "number_of_shards": "1",
+ "priority": "100",
+ "query": {
+ "default_field": [
+ "message",
+ "tags",
+ "agent.ephemeral_id",
+ "agent.id",
+ "agent.name",
+ "agent.type",
+ "agent.version",
+ "as.organization.name",
+ "client.address",
+ "client.as.organization.name",
+ "client.domain",
+ "client.geo.city_name",
+ "client.geo.continent_name",
+ "client.geo.country_iso_code",
+ "client.geo.country_name",
+ "client.geo.name",
+ "client.geo.region_iso_code",
+ "client.geo.region_name",
+ "client.mac",
+ "client.registered_domain",
+ "client.top_level_domain",
+ "client.user.domain",
+ "client.user.email",
+ "client.user.full_name",
+ "client.user.group.domain",
+ "client.user.group.id",
+ "client.user.group.name",
+ "client.user.hash",
+ "client.user.id",
+ "client.user.name",
+ "cloud.account.id",
+ "cloud.availability_zone",
+ "cloud.instance.id",
+ "cloud.instance.name",
+ "cloud.machine.type",
+ "cloud.provider",
+ "cloud.region",
+ "container.id",
+ "container.image.name",
+ "container.image.tag",
+ "container.name",
+ "container.runtime",
+ "destination.address",
+ "destination.as.organization.name",
+ "destination.domain",
+ "destination.geo.city_name",
+ "destination.geo.continent_name",
+ "destination.geo.country_iso_code",
+ "destination.geo.country_name",
+ "destination.geo.name",
+ "destination.geo.region_iso_code",
+ "destination.geo.region_name",
+ "destination.mac",
+ "destination.registered_domain",
+ "destination.top_level_domain",
+ "destination.user.domain",
+ "destination.user.email",
+ "destination.user.full_name",
+ "destination.user.group.domain",
+ "destination.user.group.id",
+ "destination.user.group.name",
+ "destination.user.hash",
+ "destination.user.id",
+ "destination.user.name",
+ "dns.answers.class",
+ "dns.answers.data",
+ "dns.answers.name",
+ "dns.answers.type",
+ "dns.header_flags",
+ "dns.id",
+ "dns.op_code",
+ "dns.question.class",
+ "dns.question.name",
+ "dns.question.registered_domain",
+ "dns.question.subdomain",
+ "dns.question.top_level_domain",
+ "dns.question.type",
+ "dns.response_code",
+ "dns.type",
+ "ecs.version",
+ "error.code",
+ "error.id",
+ "error.message",
+ "error.stack_trace",
+ "error.type",
+ "event.action",
+ "event.category",
+ "event.code",
+ "event.dataset",
+ "event.hash",
+ "event.id",
+ "event.kind",
+ "event.module",
+ "event.original",
+ "event.outcome",
+ "event.provider",
+ "event.timezone",
+ "event.type",
+ "file.device",
+ "file.directory",
+ "file.extension",
+ "file.gid",
+ "file.group",
+ "file.hash.md5",
+ "file.hash.sha1",
+ "file.hash.sha256",
+ "file.hash.sha512",
+ "file.inode",
+ "file.mode",
+ "file.name",
+ "file.owner",
+ "file.path",
+ "file.target_path",
+ "file.type",
+ "file.uid",
+ "geo.city_name",
+ "geo.continent_name",
+ "geo.country_iso_code",
+ "geo.country_name",
+ "geo.name",
+ "geo.region_iso_code",
+ "geo.region_name",
+ "group.domain",
+ "group.id",
+ "group.name",
+ "hash.md5",
+ "hash.sha1",
+ "hash.sha256",
+ "hash.sha512",
+ "host.architecture",
+ "host.geo.city_name",
+ "host.geo.continent_name",
+ "host.geo.country_iso_code",
+ "host.geo.country_name",
+ "host.geo.name",
+ "host.geo.region_iso_code",
+ "host.geo.region_name",
+ "host.hostname",
+ "host.id",
+ "host.mac",
+ "host.name",
+ "host.os.family",
+ "host.os.full",
+ "host.os.kernel",
+ "host.os.name",
+ "host.os.platform",
+ "host.os.version",
+ "host.type",
+ "host.user.domain",
+ "host.user.email",
+ "host.user.full_name",
+ "host.user.group.domain",
+ "host.user.group.id",
+ "host.user.group.name",
+ "host.user.hash",
+ "host.user.id",
+ "host.user.name",
+ "http.request.body.content",
+ "http.request.method",
+ "http.request.referrer",
+ "http.response.body.content",
+ "http.version",
+ "log.level",
+ "log.logger",
+ "log.origin.file.name",
+ "log.origin.function",
+ "log.original",
+ "log.syslog.facility.name",
+ "log.syslog.severity.name",
+ "network.application",
+ "network.community_id",
+ "network.direction",
+ "network.iana_number",
+ "network.name",
+ "network.protocol",
+ "network.transport",
+ "network.type",
+ "observer.geo.city_name",
+ "observer.geo.continent_name",
+ "observer.geo.country_iso_code",
+ "observer.geo.country_name",
+ "observer.geo.name",
+ "observer.geo.region_iso_code",
+ "observer.geo.region_name",
+ "observer.hostname",
+ "observer.mac",
+ "observer.name",
+ "observer.os.family",
+ "observer.os.full",
+ "observer.os.kernel",
+ "observer.os.name",
+ "observer.os.platform",
+ "observer.os.version",
+ "observer.product",
+ "observer.serial_number",
+ "observer.type",
+ "observer.vendor",
+ "observer.version",
+ "organization.id",
+ "organization.name",
+ "os.family",
+ "os.full",
+ "os.kernel",
+ "os.name",
+ "os.platform",
+ "os.version",
+ "package.architecture",
+ "package.checksum",
+ "package.description",
+ "package.install_scope",
+ "package.license",
+ "package.name",
+ "package.path",
+ "package.version",
+ "process.args",
+ "text",
+ "process.executable",
+ "process.hash.md5",
+ "process.hash.sha1",
+ "process.hash.sha256",
+ "process.hash.sha512",
+ "process.name",
+ "text",
+ "text",
+ "text",
+ "text",
+ "text",
+ "process.thread.name",
+ "process.title",
+ "process.working_directory",
+ "server.address",
+ "server.as.organization.name",
+ "server.domain",
+ "server.geo.city_name",
+ "server.geo.continent_name",
+ "server.geo.country_iso_code",
+ "server.geo.country_name",
+ "server.geo.name",
+ "server.geo.region_iso_code",
+ "server.geo.region_name",
+ "server.mac",
+ "server.registered_domain",
+ "server.top_level_domain",
+ "server.user.domain",
+ "server.user.email",
+ "server.user.full_name",
+ "server.user.group.domain",
+ "server.user.group.id",
+ "server.user.group.name",
+ "server.user.hash",
+ "server.user.id",
+ "server.user.name",
+ "service.ephemeral_id",
+ "service.id",
+ "service.name",
+ "service.node.name",
+ "service.state",
+ "service.type",
+ "service.version",
+ "source.address",
+ "source.as.organization.name",
+ "source.domain",
+ "source.geo.city_name",
+ "source.geo.continent_name",
+ "source.geo.country_iso_code",
+ "source.geo.country_name",
+ "source.geo.name",
+ "source.geo.region_iso_code",
+ "source.geo.region_name",
+ "source.mac",
+ "source.registered_domain",
+ "source.top_level_domain",
+ "source.user.domain",
+ "source.user.email",
+ "source.user.full_name",
+ "source.user.group.domain",
+ "source.user.group.id",
+ "source.user.group.name",
+ "source.user.hash",
+ "source.user.id",
+ "source.user.name",
+ "threat.framework",
+ "threat.tactic.id",
+ "threat.tactic.name",
+ "threat.tactic.reference",
+ "threat.technique.id",
+ "threat.technique.name",
+ "threat.technique.reference",
+ "tracing.trace.id",
+ "tracing.transaction.id",
+ "url.domain",
+ "url.extension",
+ "url.fragment",
+ "url.full",
+ "url.original",
+ "url.password",
+ "url.path",
+ "url.query",
+ "url.registered_domain",
+ "url.scheme",
+ "url.top_level_domain",
+ "url.username",
+ "user.domain",
+ "user.email",
+ "user.full_name",
+ "user.group.domain",
+ "user.group.id",
+ "user.group.name",
+ "user.hash",
+ "user.id",
+ "user.name",
+ "user_agent.device.name",
+ "user_agent.name",
+ "text",
+ "user_agent.original",
+ "user_agent.os.family",
+ "user_agent.os.full",
+ "user_agent.os.kernel",
+ "user_agent.os.name",
+ "user_agent.os.platform",
+ "user_agent.os.version",
+ "user_agent.version",
+ "text",
+ "timeseries.instance",
+ "cloud.project.id",
+ "cloud.image.id",
+ "host.os.build",
+ "host.os.codename",
+ "kubernetes.pod.name",
+ "kubernetes.pod.uid",
+ "kubernetes.namespace",
+ "kubernetes.node.name",
+ "kubernetes.replicaset.name",
+ "kubernetes.deployment.name",
+ "kubernetes.statefulset.name",
+ "kubernetes.container.name",
+ "kubernetes.container.image",
+ "processor.name",
+ "processor.event",
+ "url.scheme",
+ "url.full",
+ "url.domain",
+ "url.path",
+ "url.query",
+ "url.fragment",
+ "http.version",
+ "http.request.method",
+ "http.request.referrer",
+ "service.name",
+ "service.version",
+ "service.environment",
+ "service.node.name",
+ "service.language.name",
+ "service.language.version",
+ "service.runtime.name",
+ "service.runtime.version",
+ "service.framework.name",
+ "service.framework.version",
+ "transaction.id",
+ "transaction.type",
+ "text",
+ "transaction.name",
+ "span.type",
+ "span.subtype",
+ "trace.id",
+ "parent.id",
+ "agent.name",
+ "agent.version",
+ "agent.ephemeral_id",
+ "container.id",
+ "kubernetes.namespace",
+ "kubernetes.node.name",
+ "kubernetes.pod.name",
+ "kubernetes.pod.uid",
+ "host.architecture",
+ "host.hostname",
+ "host.name",
+ "host.os.platform",
+ "process.args",
+ "process.title",
+ "observer.listening",
+ "observer.hostname",
+ "observer.version",
+ "observer.type",
+ "user.name",
+ "user.id",
+ "user.email",
+ "destination.address",
+ "text",
+ "user_agent.original",
+ "user_agent.name",
+ "user_agent.version",
+ "user_agent.device.name",
+ "user_agent.os.platform",
+ "user_agent.os.name",
+ "user_agent.os.full",
+ "user_agent.os.family",
+ "user_agent.os.version",
+ "user_agent.os.kernel",
+ "cloud.account.id",
+ "cloud.account.name",
+ "cloud.availability_zone",
+ "cloud.instance.id",
+ "cloud.instance.name",
+ "cloud.machine.type",
+ "cloud.project.id",
+ "cloud.project.name",
+ "cloud.provider",
+ "cloud.region",
+ "error.id",
+ "error.culprit",
+ "error.grouping_key",
+ "error.exception.code",
+ "error.exception.message",
+ "error.exception.module",
+ "error.exception.type",
+ "error.log.level",
+ "error.log.logger_name",
+ "error.log.message",
+ "error.log.param_message",
+ "profile.top.id",
+ "profile.top.function",
+ "profile.top.filename",
+ "profile.stack.id",
+ "profile.stack.function",
+ "profile.stack.filename",
+ "sourcemap.service.name",
+ "sourcemap.service.version",
+ "sourcemap.bundle_filepath",
+ "view spans",
+ "child.id",
+ "span.id",
+ "span.name",
+ "span.action",
+ "span.db.link",
+ "span.destination.service.type",
+ "span.destination.service.name",
+ "span.destination.service.resource",
+ "span.message.queue.name",
+ "transaction.result",
+ "transaction.message.queue.name",
+ "fields.*"
+ ]
+ },
+ "refresh_interval": "1ms"
+ }
+ }
+ }
+}
+
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ "apm-8.0.0-transaction": {
+ "is_write_index": true
+ }
+ },
+ "index": "apm-8.0.0-transaction-000001",
+ "mappings": {
+ "_meta": {
+ "beat": "apm",
+ "version": "8.0.0"
+ },
+ "date_detection": false,
+ "dynamic_templates": [
+ {
+ "labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "container.labels.*"
+ }
+ },
+ {
+ "dns.answers": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "dns.answers.*"
+ }
+ },
+ {
+ "log.syslog": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "log.syslog.*"
+ }
+ },
+ {
+ "network.inner": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "network.inner.*"
+ }
+ },
+ {
+ "observer.egress": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "observer.egress.*"
+ }
+ },
+ {
+ "observer.ingress": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "observer.ingress.*"
+ }
+ },
+ {
+ "fields": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "fields.*"
+ }
+ },
+ {
+ "docker.container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "docker.container.labels.*"
+ }
+ },
+ {
+ "kubernetes.labels.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.labels.*"
+ }
+ },
+ {
+ "kubernetes.annotations.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.annotations.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "transaction.marks": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "transaction.marks.*"
+ }
+ },
+ {
+ "transaction.marks.*.*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "transaction.marks.*.*"
+ }
+ },
+ {
+ "strings_as_keyword": {
+ "mapping": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "match_mapping_type": "string"
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "agent": {
+ "dynamic": "false",
+ "properties": {
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hostname": {
+ "path": "agent.name",
+ "type": "alias"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "child": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "client": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cloud": {
+ "properties": {
+ "account": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "availability_zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "instance": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "machine": {
+ "dynamic": "false",
+ "properties": {
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "project": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "container": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tag": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "type": "object"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "runtime": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "destination": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dll": {
+ "properties": {
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dns": {
+ "properties": {
+ "answers": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "data": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ttl": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "header_flags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "op_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "question": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subdomain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "resolved_ip": {
+ "type": "ip"
+ },
+ "response_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "docker": {
+ "properties": {
+ "container": {
+ "properties": {
+ "labels": {
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "ecs": {
+ "properties": {
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "error": {
+ "dynamic": "false",
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "culprit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exception": {
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "handled": {
+ "type": "boolean"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "grouping_key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "param_message": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "stack_trace": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "event": {
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "created": {
+ "type": "date"
+ },
+ "dataset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "duration": {
+ "type": "long"
+ },
+ "end": {
+ "type": "date"
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingested": {
+ "type": "date"
+ },
+ "kind": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "outcome": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "risk_score": {
+ "type": "float"
+ },
+ "risk_score_norm": {
+ "type": "float"
+ },
+ "sequence": {
+ "type": "long"
+ },
+ "severity": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "timezone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "url": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "experimental": {
+ "dynamic": "true",
+ "type": "object"
+ },
+ "fields": {
+ "type": "object"
+ },
+ "file": {
+ "properties": {
+ "accessed": {
+ "type": "date"
+ },
+ "attributes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "created": {
+ "type": "date"
+ },
+ "ctime": {
+ "type": "date"
+ },
+ "device": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "directory": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "drive_letter": {
+ "ignore_above": 1,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "gid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "inode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mime_type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mtime": {
+ "type": "date"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "owner": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ },
+ "target_path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "host": {
+ "dynamic": "false",
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "containerized": {
+ "type": "boolean"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "build": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "codename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "http": {
+ "dynamic": "false",
+ "properties": {
+ "request": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "method": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "referrer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "response": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "finished": {
+ "type": "boolean"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "status_code": {
+ "type": "long"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "kubernetes": {
+ "dynamic": "false",
+ "properties": {
+ "annotations": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "container": {
+ "properties": {
+ "image": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "deployment": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "namespace": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pod": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "replicaset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "statefulset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "labels": {
+ "dynamic": "true",
+ "properties": {
+ "foo": {
+ "type": "keyword"
+ },
+ "lorem": {
+ "type": "keyword"
+ },
+ "multi-line": {
+ "type": "keyword"
+ },
+ "this-is-a-very-long-tag-name-without-any-spaces": {
+ "type": "keyword"
+ }
+ }
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "origin": {
+ "properties": {
+ "file": {
+ "properties": {
+ "line": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "syslog": {
+ "properties": {
+ "facility": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "priority": {
+ "type": "long"
+ },
+ "severity": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "network": {
+ "properties": {
+ "application": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "community_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "direction": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "forwarded_ip": {
+ "type": "ip"
+ },
+ "iana_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inner": {
+ "properties": {
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "packets": {
+ "type": "long"
+ },
+ "protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "transport": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "observer": {
+ "dynamic": "false",
+ "properties": {
+ "egress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "listening": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_major": {
+ "type": "byte"
+ }
+ }
+ },
+ "organization": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "package": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "build_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "checksum": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "install_scope": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "installed": {
+ "type": "date"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "size": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "parent": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "process": {
+ "dynamic": "false",
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "parent": {
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "processor": {
+ "properties": {
+ "event": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "profile": {
+ "dynamic": "false",
+ "properties": {
+ "alloc_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "alloc_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "ns": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "type": "long"
+ },
+ "inuse_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "inuse_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "samples": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "stack": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ },
+ "top": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "registry": {
+ "properties": {
+ "data": {
+ "properties": {
+ "bytes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "strings": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hive": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "value": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "related": {
+ "properties": {
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "user": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "rule": {
+ "properties": {
+ "author": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ruleset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uuid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "server": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "environment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "framework": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "language": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "runtime": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "state": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "source": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "sourcemap": {
+ "dynamic": "false",
+ "properties": {
+ "bundle_filepath": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "service": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "span": {
+ "dynamic": "false",
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "db": {
+ "dynamic": "false",
+ "properties": {
+ "link": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "rows_affected": {
+ "type": "long"
+ }
+ }
+ },
+ "destination": {
+ "dynamic": "false",
+ "properties": {
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resource": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "start": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "subtype": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sync": {
+ "type": "boolean"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "system": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "actual": {
+ "properties": {
+ "free": {
+ "type": "long"
+ }
+ }
+ },
+ "total": {
+ "type": "long"
+ }
+ }
+ },
+ "process": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "rss": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "tags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "threat": {
+ "properties": {
+ "framework": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tactic": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "technique": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "timeseries": {
+ "properties": {
+ "instance": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "timestamp": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "tls": {
+ "properties": {
+ "cipher": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "client": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "server_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "supported_ciphers": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "established": {
+ "type": "boolean"
+ },
+ "next_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resumed": {
+ "type": "boolean"
+ },
+ "server": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3s": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "tracing": {
+ "properties": {
+ "trace": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "transaction": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "transaction": {
+ "dynamic": "false",
+ "properties": {
+ "breakdown": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "histogram": {
+ "type": "histogram"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "marks": {
+ "dynamic": "true",
+ "properties": {
+ "*": {
+ "properties": {
+ "*": {
+ "dynamic": "true",
+ "type": "object"
+ }
+ }
+ },
+ "agent": {
+ "properties": {
+ "domComplete": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domInteractive": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "firstContentfulPaint": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "largestContentfulPaint": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "timeToFirstByte": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ }
+ }
+ },
+ "navigationTiming": {
+ "properties": {
+ "connectEnd": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "connectStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domComplete": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domContentLoadedEventEnd": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domContentLoadedEventStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domInteractive": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domLoading": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domainLookupEnd": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domainLookupStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "fetchStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "loadEventEnd": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "loadEventStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "requestStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "responseEnd": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "responseStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "result": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "root": {
+ "type": "boolean"
+ },
+ "sampled": {
+ "type": "boolean"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "span_count": {
+ "properties": {
+ "dropped": {
+ "type": "long"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "url": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "fragment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "password": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "port": {
+ "type": "long"
+ },
+ "query": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scheme": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "username": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user_agent": {
+ "dynamic": "false",
+ "properties": {
+ "device": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "view spans": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vulnerability": {
+ "properties": {
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "classification": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "enumeration": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "report_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scanner": {
+ "properties": {
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "score": {
+ "properties": {
+ "base": {
+ "type": "float"
+ },
+ "environmental": {
+ "type": "float"
+ },
+ "temporal": {
+ "type": "float"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "severity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "codec": "best_compression",
+ "lifecycle": {
+ "name": "apm-rollover-30-days",
+ "rollover_alias": "apm-8.0.0-transaction"
+ },
+ "mapping": {
+ "total_fields": {
+ "limit": "2000"
+ }
+ },
+ "number_of_replicas": "0",
+ "number_of_shards": "1",
+ "priority": "100",
+ "query": {
+ "default_field": [
+ "message",
+ "tags",
+ "agent.ephemeral_id",
+ "agent.id",
+ "agent.name",
+ "agent.type",
+ "agent.version",
+ "as.organization.name",
+ "client.address",
+ "client.as.organization.name",
+ "client.domain",
+ "client.geo.city_name",
+ "client.geo.continent_name",
+ "client.geo.country_iso_code",
+ "client.geo.country_name",
+ "client.geo.name",
+ "client.geo.region_iso_code",
+ "client.geo.region_name",
+ "client.mac",
+ "client.registered_domain",
+ "client.top_level_domain",
+ "client.user.domain",
+ "client.user.email",
+ "client.user.full_name",
+ "client.user.group.domain",
+ "client.user.group.id",
+ "client.user.group.name",
+ "client.user.hash",
+ "client.user.id",
+ "client.user.name",
+ "cloud.account.id",
+ "cloud.availability_zone",
+ "cloud.instance.id",
+ "cloud.instance.name",
+ "cloud.machine.type",
+ "cloud.provider",
+ "cloud.region",
+ "container.id",
+ "container.image.name",
+ "container.image.tag",
+ "container.name",
+ "container.runtime",
+ "destination.address",
+ "destination.as.organization.name",
+ "destination.domain",
+ "destination.geo.city_name",
+ "destination.geo.continent_name",
+ "destination.geo.country_iso_code",
+ "destination.geo.country_name",
+ "destination.geo.name",
+ "destination.geo.region_iso_code",
+ "destination.geo.region_name",
+ "destination.mac",
+ "destination.registered_domain",
+ "destination.top_level_domain",
+ "destination.user.domain",
+ "destination.user.email",
+ "destination.user.full_name",
+ "destination.user.group.domain",
+ "destination.user.group.id",
+ "destination.user.group.name",
+ "destination.user.hash",
+ "destination.user.id",
+ "destination.user.name",
+ "dns.answers.class",
+ "dns.answers.data",
+ "dns.answers.name",
+ "dns.answers.type",
+ "dns.header_flags",
+ "dns.id",
+ "dns.op_code",
+ "dns.question.class",
+ "dns.question.name",
+ "dns.question.registered_domain",
+ "dns.question.subdomain",
+ "dns.question.top_level_domain",
+ "dns.question.type",
+ "dns.response_code",
+ "dns.type",
+ "ecs.version",
+ "error.code",
+ "error.id",
+ "error.message",
+ "error.stack_trace",
+ "error.type",
+ "event.action",
+ "event.category",
+ "event.code",
+ "event.dataset",
+ "event.hash",
+ "event.id",
+ "event.kind",
+ "event.module",
+ "event.original",
+ "event.outcome",
+ "event.provider",
+ "event.timezone",
+ "event.type",
+ "file.device",
+ "file.directory",
+ "file.extension",
+ "file.gid",
+ "file.group",
+ "file.hash.md5",
+ "file.hash.sha1",
+ "file.hash.sha256",
+ "file.hash.sha512",
+ "file.inode",
+ "file.mode",
+ "file.name",
+ "file.owner",
+ "file.path",
+ "file.target_path",
+ "file.type",
+ "file.uid",
+ "geo.city_name",
+ "geo.continent_name",
+ "geo.country_iso_code",
+ "geo.country_name",
+ "geo.name",
+ "geo.region_iso_code",
+ "geo.region_name",
+ "group.domain",
+ "group.id",
+ "group.name",
+ "hash.md5",
+ "hash.sha1",
+ "hash.sha256",
+ "hash.sha512",
+ "host.architecture",
+ "host.geo.city_name",
+ "host.geo.continent_name",
+ "host.geo.country_iso_code",
+ "host.geo.country_name",
+ "host.geo.name",
+ "host.geo.region_iso_code",
+ "host.geo.region_name",
+ "host.hostname",
+ "host.id",
+ "host.mac",
+ "host.name",
+ "host.os.family",
+ "host.os.full",
+ "host.os.kernel",
+ "host.os.name",
+ "host.os.platform",
+ "host.os.version",
+ "host.type",
+ "host.user.domain",
+ "host.user.email",
+ "host.user.full_name",
+ "host.user.group.domain",
+ "host.user.group.id",
+ "host.user.group.name",
+ "host.user.hash",
+ "host.user.id",
+ "host.user.name",
+ "http.request.body.content",
+ "http.request.method",
+ "http.request.referrer",
+ "http.response.body.content",
+ "http.version",
+ "log.level",
+ "log.logger",
+ "log.origin.file.name",
+ "log.origin.function",
+ "log.original",
+ "log.syslog.facility.name",
+ "log.syslog.severity.name",
+ "network.application",
+ "network.community_id",
+ "network.direction",
+ "network.iana_number",
+ "network.name",
+ "network.protocol",
+ "network.transport",
+ "network.type",
+ "observer.geo.city_name",
+ "observer.geo.continent_name",
+ "observer.geo.country_iso_code",
+ "observer.geo.country_name",
+ "observer.geo.name",
+ "observer.geo.region_iso_code",
+ "observer.geo.region_name",
+ "observer.hostname",
+ "observer.mac",
+ "observer.name",
+ "observer.os.family",
+ "observer.os.full",
+ "observer.os.kernel",
+ "observer.os.name",
+ "observer.os.platform",
+ "observer.os.version",
+ "observer.product",
+ "observer.serial_number",
+ "observer.type",
+ "observer.vendor",
+ "observer.version",
+ "organization.id",
+ "organization.name",
+ "os.family",
+ "os.full",
+ "os.kernel",
+ "os.name",
+ "os.platform",
+ "os.version",
+ "package.architecture",
+ "package.checksum",
+ "package.description",
+ "package.install_scope",
+ "package.license",
+ "package.name",
+ "package.path",
+ "package.version",
+ "process.args",
+ "text",
+ "process.executable",
+ "process.hash.md5",
+ "process.hash.sha1",
+ "process.hash.sha256",
+ "process.hash.sha512",
+ "process.name",
+ "text",
+ "text",
+ "text",
+ "text",
+ "text",
+ "process.thread.name",
+ "process.title",
+ "process.working_directory",
+ "server.address",
+ "server.as.organization.name",
+ "server.domain",
+ "server.geo.city_name",
+ "server.geo.continent_name",
+ "server.geo.country_iso_code",
+ "server.geo.country_name",
+ "server.geo.name",
+ "server.geo.region_iso_code",
+ "server.geo.region_name",
+ "server.mac",
+ "server.registered_domain",
+ "server.top_level_domain",
+ "server.user.domain",
+ "server.user.email",
+ "server.user.full_name",
+ "server.user.group.domain",
+ "server.user.group.id",
+ "server.user.group.name",
+ "server.user.hash",
+ "server.user.id",
+ "server.user.name",
+ "service.ephemeral_id",
+ "service.id",
+ "service.name",
+ "service.node.name",
+ "service.state",
+ "service.type",
+ "service.version",
+ "source.address",
+ "source.as.organization.name",
+ "source.domain",
+ "source.geo.city_name",
+ "source.geo.continent_name",
+ "source.geo.country_iso_code",
+ "source.geo.country_name",
+ "source.geo.name",
+ "source.geo.region_iso_code",
+ "source.geo.region_name",
+ "source.mac",
+ "source.registered_domain",
+ "source.top_level_domain",
+ "source.user.domain",
+ "source.user.email",
+ "source.user.full_name",
+ "source.user.group.domain",
+ "source.user.group.id",
+ "source.user.group.name",
+ "source.user.hash",
+ "source.user.id",
+ "source.user.name",
+ "threat.framework",
+ "threat.tactic.id",
+ "threat.tactic.name",
+ "threat.tactic.reference",
+ "threat.technique.id",
+ "threat.technique.name",
+ "threat.technique.reference",
+ "tracing.trace.id",
+ "tracing.transaction.id",
+ "url.domain",
+ "url.extension",
+ "url.fragment",
+ "url.full",
+ "url.original",
+ "url.password",
+ "url.path",
+ "url.query",
+ "url.registered_domain",
+ "url.scheme",
+ "url.top_level_domain",
+ "url.username",
+ "user.domain",
+ "user.email",
+ "user.full_name",
+ "user.group.domain",
+ "user.group.id",
+ "user.group.name",
+ "user.hash",
+ "user.id",
+ "user.name",
+ "user_agent.device.name",
+ "user_agent.name",
+ "text",
+ "user_agent.original",
+ "user_agent.os.family",
+ "user_agent.os.full",
+ "user_agent.os.kernel",
+ "user_agent.os.name",
+ "user_agent.os.platform",
+ "user_agent.os.version",
+ "user_agent.version",
+ "text",
+ "timeseries.instance",
+ "cloud.project.id",
+ "cloud.image.id",
+ "host.os.build",
+ "host.os.codename",
+ "kubernetes.pod.name",
+ "kubernetes.pod.uid",
+ "kubernetes.namespace",
+ "kubernetes.node.name",
+ "kubernetes.replicaset.name",
+ "kubernetes.deployment.name",
+ "kubernetes.statefulset.name",
+ "kubernetes.container.name",
+ "kubernetes.container.image",
+ "processor.name",
+ "processor.event",
+ "url.scheme",
+ "url.full",
+ "url.domain",
+ "url.path",
+ "url.query",
+ "url.fragment",
+ "http.version",
+ "http.request.method",
+ "http.request.referrer",
+ "service.name",
+ "service.version",
+ "service.environment",
+ "service.node.name",
+ "service.language.name",
+ "service.language.version",
+ "service.runtime.name",
+ "service.runtime.version",
+ "service.framework.name",
+ "service.framework.version",
+ "transaction.id",
+ "transaction.type",
+ "text",
+ "transaction.name",
+ "span.type",
+ "span.subtype",
+ "trace.id",
+ "parent.id",
+ "agent.name",
+ "agent.version",
+ "agent.ephemeral_id",
+ "container.id",
+ "kubernetes.namespace",
+ "kubernetes.node.name",
+ "kubernetes.pod.name",
+ "kubernetes.pod.uid",
+ "host.architecture",
+ "host.hostname",
+ "host.name",
+ "host.os.platform",
+ "process.args",
+ "process.title",
+ "observer.listening",
+ "observer.hostname",
+ "observer.version",
+ "observer.type",
+ "user.name",
+ "user.id",
+ "user.email",
+ "destination.address",
+ "text",
+ "user_agent.original",
+ "user_agent.name",
+ "user_agent.version",
+ "user_agent.device.name",
+ "user_agent.os.platform",
+ "user_agent.os.name",
+ "user_agent.os.full",
+ "user_agent.os.family",
+ "user_agent.os.version",
+ "user_agent.os.kernel",
+ "cloud.account.id",
+ "cloud.account.name",
+ "cloud.availability_zone",
+ "cloud.instance.id",
+ "cloud.instance.name",
+ "cloud.machine.type",
+ "cloud.project.id",
+ "cloud.project.name",
+ "cloud.provider",
+ "cloud.region",
+ "error.id",
+ "error.culprit",
+ "error.grouping_key",
+ "error.exception.code",
+ "error.exception.message",
+ "error.exception.module",
+ "error.exception.type",
+ "error.log.level",
+ "error.log.logger_name",
+ "error.log.message",
+ "error.log.param_message",
+ "profile.top.id",
+ "profile.top.function",
+ "profile.top.filename",
+ "profile.stack.id",
+ "profile.stack.function",
+ "profile.stack.filename",
+ "sourcemap.service.name",
+ "sourcemap.service.version",
+ "sourcemap.bundle_filepath",
+ "view spans",
+ "child.id",
+ "span.id",
+ "span.name",
+ "span.action",
+ "span.db.link",
+ "span.destination.service.type",
+ "span.destination.service.name",
+ "span.destination.service.resource",
+ "span.message.queue.name",
+ "transaction.result",
+ "transaction.message.queue.name",
+ "fields.*"
+ ]
+ },
+ "refresh_interval": "1ms"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/x-pack/test/apm_api_integration/trial/tests/annotations.ts b/x-pack/test/apm_api_integration/trial/tests/annotations.ts
index d5b6b8342e5ab..cd78f0ff7b88d 100644
--- a/x-pack/test/apm_api_integration/trial/tests/annotations.ts
+++ b/x-pack/test/apm_api_integration/trial/tests/annotations.ts
@@ -11,7 +11,6 @@ import { FtrProviderContext } from '../../common/ftr_provider_context';
const DEFAULT_INDEX_NAME = 'observability-annotations';
-// eslint-disable-next-line import/no-default-export
export default function annotationApiTests({ getService }: FtrProviderContext) {
const supertestRead = getService('supertestAsApmReadUser');
const supertestWrite = getService('supertestAsApmAnnotationsWriteUser');
diff --git a/x-pack/test/apm_api_integration/trial/tests/index.ts b/x-pack/test/apm_api_integration/trial/tests/index.ts
index 316854931d11c..1a00f7e2df9e8 100644
--- a/x-pack/test/apm_api_integration/trial/tests/index.ts
+++ b/x-pack/test/apm_api_integration/trial/tests/index.ts
@@ -6,10 +6,10 @@
import { FtrProviderContext } from '../../../api_integration/ftr_provider_context';
-// eslint-disable-next-line import/no-default-export
export default function observabilityApiIntegrationTests({ loadTestFile }: FtrProviderContext) {
describe('APM specs (trial)', function () {
this.tags('ciGroup1');
loadTestFile(require.resolve('./annotations'));
+ loadTestFile(require.resolve('./service_maps'));
});
}
diff --git a/x-pack/test/apm_api_integration/trial/tests/service_maps.ts b/x-pack/test/apm_api_integration/trial/tests/service_maps.ts
new file mode 100644
index 0000000000000..a2ba9b5bc2e30
--- /dev/null
+++ b/x-pack/test/apm_api_integration/trial/tests/service_maps.ts
@@ -0,0 +1,261 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import expect from '@kbn/expect';
+import { FtrProviderContext } from '../../common/ftr_provider_context';
+
+export default function serviceMapsApiTests({ getService }: FtrProviderContext) {
+ const supertest = getService('supertest');
+ const esArchiver = getService('esArchiver');
+
+ describe('Service Maps', () => {
+ describe('when there is no data', () => {
+ it('returns empty list', async () => {
+ const response = await supertest.get(
+ '/api/apm/service-map?start=2020-06-28T10%3A24%3A46.055Z&end=2020-06-29T10%3A24%3A46.055Z'
+ );
+
+ expect(response.status).to.be(200);
+ expect(response.body).to.eql({ elements: [] });
+ });
+ });
+
+ describe('when there is data', () => {
+ before(() => esArchiver.load('8.0.0'));
+ after(() => esArchiver.unload('8.0.0'));
+
+ it('returns service map elements', async () => {
+ const response = await supertest.get(
+ '/api/apm/service-map?start=2020-06-28T10%3A24%3A46.055Z&end=2020-06-29T10%3A24%3A46.055Z'
+ );
+
+ expect(response.status).to.be(200);
+
+ expect(response.body).to.eql({
+ elements: [
+ {
+ data: {
+ source: 'client',
+ target: 'opbeans-node',
+ id: 'client~opbeans-node',
+ sourceData: {
+ id: 'client',
+ 'service.name': 'client',
+ 'agent.name': 'rum-js',
+ },
+ targetData: {
+ id: 'opbeans-node',
+ 'service.environment': 'production',
+ 'service.name': 'opbeans-node',
+ 'agent.name': 'nodejs',
+ },
+ },
+ },
+ {
+ data: {
+ source: 'opbeans-java',
+ target: '>opbeans-java:3000',
+ id: 'opbeans-java~>opbeans-java:3000',
+ sourceData: {
+ id: 'opbeans-java',
+ 'service.environment': 'production',
+ 'service.name': 'opbeans-java',
+ 'agent.name': 'java',
+ },
+ targetData: {
+ 'span.subtype': 'http',
+ 'span.destination.service.resource': 'opbeans-java:3000',
+ 'span.type': 'external',
+ id: '>opbeans-java:3000',
+ label: 'opbeans-java:3000',
+ },
+ },
+ },
+ {
+ data: {
+ source: 'opbeans-java',
+ target: '>postgresql',
+ id: 'opbeans-java~>postgresql',
+ sourceData: {
+ id: 'opbeans-java',
+ 'service.environment': 'production',
+ 'service.name': 'opbeans-java',
+ 'agent.name': 'java',
+ },
+ targetData: {
+ 'span.subtype': 'postgresql',
+ 'span.destination.service.resource': 'postgresql',
+ 'span.type': 'db',
+ id: '>postgresql',
+ label: 'postgresql',
+ },
+ },
+ },
+ {
+ data: {
+ source: 'opbeans-java',
+ target: 'opbeans-node',
+ id: 'opbeans-java~opbeans-node',
+ sourceData: {
+ id: 'opbeans-java',
+ 'service.environment': 'production',
+ 'service.name': 'opbeans-java',
+ 'agent.name': 'java',
+ },
+ targetData: {
+ id: 'opbeans-node',
+ 'service.environment': 'production',
+ 'service.name': 'opbeans-node',
+ 'agent.name': 'nodejs',
+ },
+ bidirectional: true,
+ },
+ },
+ {
+ data: {
+ source: 'opbeans-node',
+ target: '>93.184.216.34:80',
+ id: 'opbeans-node~>93.184.216.34:80',
+ sourceData: {
+ id: 'opbeans-node',
+ 'service.environment': 'production',
+ 'service.name': 'opbeans-node',
+ 'agent.name': 'nodejs',
+ },
+ targetData: {
+ 'span.subtype': 'http',
+ 'span.destination.service.resource': '93.184.216.34:80',
+ 'span.type': 'external',
+ id: '>93.184.216.34:80',
+ label: '93.184.216.34:80',
+ },
+ },
+ },
+ {
+ data: {
+ source: 'opbeans-node',
+ target: '>postgresql',
+ id: 'opbeans-node~>postgresql',
+ sourceData: {
+ id: 'opbeans-node',
+ 'service.environment': 'production',
+ 'service.name': 'opbeans-node',
+ 'agent.name': 'nodejs',
+ },
+ targetData: {
+ 'span.subtype': 'postgresql',
+ 'span.destination.service.resource': 'postgresql',
+ 'span.type': 'db',
+ id: '>postgresql',
+ label: 'postgresql',
+ },
+ },
+ },
+ {
+ data: {
+ source: 'opbeans-node',
+ target: '>redis',
+ id: 'opbeans-node~>redis',
+ sourceData: {
+ id: 'opbeans-node',
+ 'service.environment': 'production',
+ 'service.name': 'opbeans-node',
+ 'agent.name': 'nodejs',
+ },
+ targetData: {
+ 'span.subtype': 'redis',
+ 'span.destination.service.resource': 'redis',
+ 'span.type': 'cache',
+ id: '>redis',
+ label: 'redis',
+ },
+ },
+ },
+ {
+ data: {
+ source: 'opbeans-node',
+ target: 'opbeans-java',
+ id: 'opbeans-node~opbeans-java',
+ sourceData: {
+ id: 'opbeans-node',
+ 'service.environment': 'production',
+ 'service.name': 'opbeans-node',
+ 'agent.name': 'nodejs',
+ },
+ targetData: {
+ id: 'opbeans-java',
+ 'service.environment': 'production',
+ 'service.name': 'opbeans-java',
+ 'agent.name': 'java',
+ },
+ isInverseEdge: true,
+ },
+ },
+ {
+ data: {
+ id: 'opbeans-java',
+ 'service.environment': 'production',
+ 'service.name': 'opbeans-java',
+ 'agent.name': 'java',
+ },
+ },
+ {
+ data: {
+ id: 'opbeans-node',
+ 'service.environment': 'production',
+ 'service.name': 'opbeans-node',
+ 'agent.name': 'nodejs',
+ },
+ },
+ {
+ data: {
+ 'span.subtype': 'http',
+ 'span.destination.service.resource': 'opbeans-java:3000',
+ 'span.type': 'external',
+ id: '>opbeans-java:3000',
+ label: 'opbeans-java:3000',
+ },
+ },
+ {
+ data: {
+ id: 'client',
+ 'service.name': 'client',
+ 'agent.name': 'rum-js',
+ },
+ },
+ {
+ data: {
+ 'span.subtype': 'redis',
+ 'span.destination.service.resource': 'redis',
+ 'span.type': 'cache',
+ id: '>redis',
+ label: 'redis',
+ },
+ },
+ {
+ data: {
+ 'span.subtype': 'postgresql',
+ 'span.destination.service.resource': 'postgresql',
+ 'span.type': 'db',
+ id: '>postgresql',
+ label: 'postgresql',
+ },
+ },
+ {
+ data: {
+ 'span.subtype': 'http',
+ 'span.destination.service.resource': '93.184.216.34:80',
+ 'span.type': 'external',
+ id: '>93.184.216.34:80',
+ label: '93.184.216.34:80',
+ },
+ },
+ ],
+ });
+ });
+ });
+ });
+}
diff --git a/x-pack/test_utils/jest/config.integration.js b/x-pack/test_utils/jest/config.integration.js
index 033c948c3c034..03917d34ab09c 100644
--- a/x-pack/test_utils/jest/config.integration.js
+++ b/x-pack/test_utils/jest/config.integration.js
@@ -10,9 +10,9 @@ import config from './config';
export default {
...config,
testMatch: [
- `**/${RESERVED_DIR_JEST_INTEGRATION_TESTS}/**/*.test.{js,ts,tsx}`,
+ `**/${RESERVED_DIR_JEST_INTEGRATION_TESTS}/**/*.test.{js,mjs,ts,tsx}`,
// Tests within `__jest__` directories should be treated as regular unit tests.
- `!**/__jest__/${RESERVED_DIR_JEST_INTEGRATION_TESTS}/**/*.test.{js,ts,tsx}`,
+ `!**/__jest__/${RESERVED_DIR_JEST_INTEGRATION_TESTS}/**/*.test.{js,mjs,ts,tsx}`,
],
testPathIgnorePatterns: config.testPathIgnorePatterns.filter(
(pattern) => !pattern.includes(RESERVED_DIR_JEST_INTEGRATION_TESTS)
diff --git a/x-pack/test_utils/jest/config.js b/x-pack/test_utils/jest/config.js
index adee510ef2846..7bb073023b7f8 100644
--- a/x-pack/test_utils/jest/config.js
+++ b/x-pack/test_utils/jest/config.js
@@ -29,10 +29,10 @@ export default {
],
coverageDirectory: '/../target/kibana-coverage/jest',
coverageReporters: ['html'],
- moduleFileExtensions: ['js', 'json', 'ts', 'tsx', 'node'],
+ moduleFileExtensions: ['js', 'mjs', 'json', 'ts', 'tsx', 'node'],
modulePathIgnorePatterns: ['__fixtures__/', 'target/'],
testEnvironment: 'jest-environment-jsdom-thirteen',
- testMatch: ['**/*.test.{js,ts,tsx}'],
+ testMatch: ['**/*.test.{js,mjs,ts,tsx}'],
testPathIgnorePatterns: [
'/packages/kbn-ui-framework/(dist|doc_site|generator-kui)/',
'/packages/kbn-pm/dist/',