diff --git a/index templates/fortisandbox-3.2.0 b/index templates/fortisandbox-3.2.0
index 9e9eeac..2c15ad0 100644
--- a/index templates/fortisandbox-3.2.0
+++ b/index templates/fortisandbox-3.2.0
@@ -4,155 +4,89 @@ PUT _template/fortisandbox-3.2.0?include_type_name
 "index_patterns": [
 "*-fortisandbox-*"
 ],
- "settings": {},
 "aliases": {},
 "mappings": {
 "_doc": {
- "_routing": {
- "required": false
+ "dynamic": true,
+ "numeric_detection": true,
+ "date_detection": true,
+ "dynamic_date_formats": [
+ "strict_date_optional_time",
+ "yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z"
+ ],
+ "_source": {
+ "enabled": true,
+ "includes": [],
+ "excludes": []
 },
- "numeric_detection": false,
 "_meta": {
 "observer": {
 "product": "Fortisandbox",
 "vendor": "Fortinet"
 },
- "fields_removed": [],
 "version": "3.2.0"
 },
- "dynamic": true,
- "_source": {
- "excludes": [],
- "includes": [],
- "enabled": true
+ "_routing": {
+ "required": false
 },
- "dynamic_templates": [
- {
- "labels": {
- "path_match": "labels.*",
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- },
- {
- "fields": {
- "path_match": "fields.*",
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- },
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- },
- {
- "undefined_string_fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- },
- {
- "no_doc_values": {
- "mapping": {
- "type": "{dynamic_type}"
- },
- "match_mapping_type": "*"
- }
- }
- ],
- "date_detection": false,
+ "dynamic_templates": [],
 "properties": {
- "jobcount": {
- "type": "long"
- },
- "scaned": {
- "type": "long"
- },
- "srcip": {
- "type": "ip"
- },
- "dstport": {
- "type": "long"
+ "@timestamp": {
+ "type": "date"
 },
- "pid": {
- "type": "long"
+ "@version": {
+ "type": "keyword"
 },
- "stime": {
- "type": "long"
+ "attackid": {
+ "type": "keyword"
 },
 "cip": {
 "type": "ip"
 },
- "scanstart": {
- "type": "long"
- },
- "trueclient": {
- "type": "ip"
+ "cloneidx": {
+ "type": "keyword"
 },
- "virusid": {
- "type": "long"
+ "cport": {
+ "type": "keyword"
 },
- "@version": {
+ "dbid": {
 "type": "keyword"
 },
 "dstip": {
 "type": "ip"
 },
- "sip": {
- "type": "ip"
- },
- "cloneidx": {
- "type": "long"
- },
- "letype": {
- "type": "long"
- },
- "sizebin": {
- "type": "long"
- },
 "ip": {
 "type": "ip"
 },
- "sizeconf": {
- "type": "long"
+ "jobid": {
+ "type": "keyword"
 },
- "index": {
- "type": "long"
+ "logid": {
+ "type": "keyword"
 },
- "@timestamp": {
- "type": "date"
+ "pid": {
+ "type": "keyword"
 },
- "pidstatus": {
- "type": "long"
+ "retcode": {
+ "type": "keyword"
 },
- "dbid": {
- "type": "long"
+ "sid": {
+ "type": "keyword"
 },
- "etime": {
- "type": "long"
+ "sip": {
+ "type": "ip"
 },
- "srcport": {
- "type": "long"
+ "sport": {
+ "type": "keyword"
 },
- "tzone": {
- "type": "long"
+ "srcip": {
+ "type": "ip"
 },
- "attackid": {
- "type": "long"
+ "trueclient": {
+ "type": "ip"
 },
- "retcode": {
- "type": "long"
+ "virusid": {
+ "type": "keyword"
 }
 }
 }