From eff3d3a0d326f37773bcc46ba4f25739c5e1a9c9 Mon Sep 17 00:00:00 2001
From: mips81
Date: Fri, 13 Jul 2018 15:20:36 +0200
Subject: [PATCH] Replace all keyword by string It work now!!!
---
.../pfsense_custom_template | 331 +++++++++---------
1 file changed, 167 insertions(+), 164 deletions(-)
diff --git a/Elasticsearch_pfsense_custom_template/pfsense_custom_template b/Elasticsearch_pfsense_custom_template/pfsense_custom_template
index 1423dc3..2a36a02 100644
--- a/Elasticsearch_pfsense_custom_template/pfsense_custom_template
+++ b/Elasticsearch_pfsense_custom_template/pfsense_custom_template
@@ -16,243 +16,246 @@ }, "mappings": { "message": { - "properties": { - "PFSENSE_ICMP_DATA": { - "type": "keyword" + "_source": { + "enabled": true + }, + "dynamic_templates": [ + { + "internal_fields": { + "mapping": { + "type": "keyword" + }, + "match": "gl2_*" + } }, - "PFSENSE_ICMP_ECHO_REQ_REPLY": { - "type": "keyword" + { + "store_generic": { + "mapping": { + "index": "not_analyzed" + }, + "match": "*" + } + } + ], + "properties": { + "reason": { + "type": "string" }, - "PFSENSE_ICMP_RESPONSE": { - "type": "keyword" + "PFSENSE_UDP_DATA": { + "type": "string" }, - "PFSENSE_ICMP_TYPE": { - "type": "keyword" + "gl2_remote_ip": { + "type": "string" }, - "PFSENSE_ICMP_UNREACHPORT": { - "type": "keyword" + "gl2_remote_port": { + "type": "string" }, - "PFSENSE_IGMP_DATA": { - "type": "keyword" + "icmp_unreachport_dest_ip": { + "type": "string" }, - "PFSENSE_IP_DATA": { - "type": "keyword" + "icmp_unreachport_protocol": { + "type": "string" }, - "PFSENSE_IP_SPECIFIC_DATA": { - "type": "keyword" + "source": { + "analyzer": "analyzer_keyword", + "index": "analyzed", + "type": "string" }, - "PFSENSE_IPv4_SPECIFIC_DATA": { - "type": "keyword" + "dest_ip_geolocation": { + "copy_to": "dst_location", + "type": "string" }, - "PFSENSE_LOG_DATA": { - "type": "keyword" + "gl2_source_input": { + "type": "string" }, - "PFSENSE_LOG_ENTRY": { - "type": "keyword" + "PFSENSE_ICMP_ECHO_REQ_REPLY": { + "type": "string" }, "PFSENSE_PROTOCOL_DATA": { - "type": "keyword" + "type": "string" }, - "PFSENSE_TCP_DATA": { - "type": "keyword" + "ack_number": { + "type": "string" }, - "PFSENSE_UDP_DATA": { - "type": "keyword" + "ip_ver": { + "type": "string" }, - "ack_number": { - "type": "keyword" + "ecn": { + "type": "string" }, - "action": { - "type": "keyword" + "dest_ip_city_name": { + "type": "string" }, - "data_length": { - "type": "keyword" + "tcp_flags": { + "type": "string" }, - "dest_ip": { - "type": "keyword" + "PFSENSE_ICMP_UNREACHPORT": { + "type": "string" }, - "dest_ip_city_name": 
{ - "type": "keyword" + "src_ip_city_name": { + "type": "string" }, - "dest_ip_country_code": { - "type": "keyword" + "PFSENSE_ICMP_DATA": { + "type": "string" }, - "dest_ip_geolocation": { - "type": "text", - "copy_to": "dst_location" + "action": { + "type": "string" }, - "dst_location": { - "type": "geo_point" + "gl2_source_node": { + "type": "string" + }, + "src_ip_geolocation": { + "copy_to": "src_location", + "type": "string" + }, + "id": { + "type": "string" }, "dest_port": { - "type": "keyword" + "type": "string" }, - "direction": { - "type": "keyword" + "PFSENSE_IGMP_DATA": { + "type": "string" }, - "ecn": { - "type": "keyword" + "offset": { + "type": "string" }, - "facility": { - "type": "keyword" + "level": { + "type": "long" }, - "flags": { - "type": "keyword" + "streams": { + "index": "not_analyzed", + "type": "string" }, - "full_message": { - "type": "text", - "analyzer": "standard" + "PFSENSE_TCP_DATA": { + "type": "string" }, - "gl2_remote_ip": { - "type": "keyword" + "PFSENSE_ICMP_RESPONSE": { + "type": "string" }, - "gl2_remote_port": { - "type": "keyword" + "icmp_unreachport_dest_ip_geolocation": { + "type": "string" }, - "gl2_source_input": { - "type": "keyword" + "PFSENSE_ICMP_TYPE": { + "type": "string" }, - "gl2_source_node": { - "type": "keyword" + "iface": { + "type": "string" + }, + "tcp_window": { + "type": "string" + }, + "icmp_unreachport_port": { + "type": "string" }, "icmp_echo_id": { - "type": "keyword" + "type": "string" }, - "icmp_echo_sequence": { - "type": "keyword" + "dest_ip": { + "type": "string" }, - "icmp_type": { - "type": "keyword" + "proto": { + "type": "string" }, - "icmp_unreachport_dest_ip": { - "type": "keyword" + "PFSENSE_LOG_DATA": { + "type": "string" }, - "icmp_unreachport_dest_ip_city_name": { - "type": "keyword" + "icmp_type": { + "type": "string" }, - "icmp_unreachport_dest_ip_country_code": { - "type": "keyword" + "PFSENSE_IPv4_SPECIFIC_DATA": { + "type": "string" }, - "icmp_unreachport_dest_ip_geolocation": { 
- "type": "keyword" + "flags": { + "type": "string" }, - "icmp_unreachport_port": { - "type": "keyword" + "rule": { + "type": "string" }, - "icmp_unreachport_protocol": { - "type": "keyword" + "icmp_unreachport_dest_ip_city_name": { + "type": "string" }, - "id": { - "type": "keyword" + "PFSENSE_IP_DATA": { + "type": "string" }, - "iface": { - "type": "keyword" + "tcp_options": { + "type": "string" }, - "ip_ver": { - "type": "keyword" + "PFSENSE_IP_SPECIFIC_DATA": { + "type": "string" }, - "length": { - "type": "keyword" + "src_ip": { + "type": "string" }, - "level": { - "type": "long" + "PFSENSE_LOG_ENTRY": { + "type": "string" }, - "message": { - "type": "text", - "analyzer": "standard" + "proto_id": { + "type": "string" }, - "offset": { - "type": "keyword" + "tracker": { + "type": "string" }, - "proto": { - "type": "keyword" + "tos": { + "type": "string" }, - "proto_id": { - "type": "keyword" + "timestamp": { + "format": "yyyy-MM-dd HH:mm:ss.SSS", + "type": "date" }, - "reason": { - "type": "keyword" + "direction": { + "type": "string" }, - "rule": { - "type": "keyword" + "data_length": { + "type": "string" }, - "sequence_number": { - "type": "keyword" + "length": { + "type": "string" }, - "source": { - "type": "text", - "analyzer": "analyzer_keyword", - "fielddata": true + "message": { + "analyzer": "standard", + "index": "analyzed", + "type": "string" }, - "src_ip": { - "type": "keyword" + "icmp_unreachport_dest_ip_country_code": { + "type": "string" }, - "src_ip_city_name": { - "type": "keyword" + "ttl": { + "type": "string" }, - "src_ip_country_code": { - "type": "keyword" + "icmp_echo_sequence": { + "type": "string" }, - "src_ip_geolocation": { - "type": "string", - "copy_to": "src_location" + "sequence_number": { + "type": "string" }, "src_location": { "type": "geo_point" }, "src_port": { - "type": "keyword" + "type": "string" }, - "streams": { - "type": "keyword" + "dest_ip_country_code": { + "type": "string" }, - "tcp_flags": { - "type": "keyword" + 
"dst_location": { + "type": "geo_point" }, - "tcp_options": { - "type": "keyword" + "src_ip_country_code": { + "type": "string" }, - "tcp_window": { - "type": "keyword" + "full_message": { + "analyzer": "standard", + "index": "analyzed", + "type": "string" }, - "timestamp": { - "type": "date", - "format": "yyyy-MM-dd HH:mm:ss.SSS" + "facility": { + "type": "string" }, "real_timestamp": { - "type": "date", - "format": "yyyy-MM-dd HH:mm:ss" - }, - "tos": { - "type": "keyword" - }, - "tracker": { - "type": "keyword" - }, - "ttl": { - "type": "keyword" + "format": "yyyy-MM-dd HH:mm:ss", + "type": "date" } - }, - "dynamic_templates": [ - { - "internal_fields": { - "match": "gl2_*", - "mapping": { - "type": "keyword" - } - } - }, - { - "store_generic": { - "match": "*", - "mapping": { - "index": "not_analyzed" - } - } - } - ], - "_source": { - "enabled": true } } },
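Review bot: The explicit fields under `properties` are now plain `"type": "string"` with no `index` setting, so in the pre-5.x mapping syntax this template uses they are analyzed by default; only `streams` carries `"index": "not_analyzed"`, and the `store_generic` dynamic template applies only to fields that are not listed explicitly. Exact-match fields used for firewall filtering and aggregation, such as `action`, `rule`, `tcp_flags` and `src_ip_city_name`, would then be tokenized and lowercased, which can skew terms aggregations and alert queries; I would write them in the form `"src_ip": { "type": "string", "index": "not_analyzed" }`. The `internal_fields` dynamic template still maps `gl2_*` to `"type": "keyword"`, which is inconsistent with the rest of the change and is probably not accepted by an Elasticsearch version that needs `string`, so it should likely become `"type": "string", "index": "not_analyzed"` as well. Naming the target Elasticsearch version in the commit message would make the reason for moving away from `keyword` clear to the next maintainer.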