diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index 31273d8c4b..3d817d46ce 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc @@ -8128,6 +8128,9 @@ type: keyword Multi-fields: +* process.executable.caseless (type: keyword) + + * process.executable.text (type: match_only_text) @@ -8343,6 +8346,9 @@ type: keyword Multi-fields: +* process.name.caseless (type: keyword) + + * process.name.text (type: match_only_text) diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 61e5088661..aabb880e6c 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -5175,6 +5175,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: Absolute path to the process executable. @@ -5213,6 +5217,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: 'Process name. @@ -5482,6 +5490,11 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 + default_field: false - name: text type: match_only_text default_field: false @@ -5548,6 +5561,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: Absolute path to the process executable. @@ -5586,6 +5603,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: 'Process name. @@ -6000,6 +6021,11 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 + default_field: false - name: text type: match_only_text default_field: false @@ -6389,6 +6415,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: Absolute path to the process executable. @@ -6632,6 +6662,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: 'Process name. @@ -7218,6 +7252,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: Absolute path to the process executable. @@ -7333,6 +7371,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: Absolute path to the process executable. @@ -7371,6 +7413,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: 'Process name. diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index 360d885076..e31bcc9abf 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv @@ -648,11 +648,13 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,process,process.entry_leader.entry_meta.source.ip,ip,core,,,IP address of the source. 8.12.0-dev+exp,true,process,process.entry_leader.entry_meta.type,keyword,extended,,,The entry type for the entry session leader. 8.12.0-dev+exp,true,process,process.entry_leader.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. +8.12.0-dev+exp,true,process,process.entry_leader.executable.caseless,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.entry_leader.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.entry_leader.group.id,keyword,extended,,,Unique identifier for the group on the system/platform. 8.12.0-dev+exp,true,process,process.entry_leader.group.name,keyword,extended,,,Name of the group. 8.12.0-dev+exp,true,process,process.entry_leader.interactive,boolean,extended,,True,Whether the process is connected to an interactive shell. 8.12.0-dev+exp,true,process,process.entry_leader.name,keyword,extended,,ssh,Process name. +8.12.0-dev+exp,true,process,process.entry_leader.name.caseless,keyword,extended,,ssh,Process name. 8.12.0-dev+exp,true,process,process.entry_leader.name.text,match_only_text,extended,,ssh,Process name. 8.12.0-dev+exp,true,process,process.entry_leader.parent.entity_id,keyword,extended,,c2c455d9f99375d,Unique identifier for the process. 8.12.0-dev+exp,true,process,process.entry_leader.parent.pid,long,core,,4242,Process id. @@ -688,6 +690,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,process,process.entry_leader.working_directory.text,match_only_text,extended,,/home/alice,The working directory of the process. 8.12.0-dev+exp,true,process,process.env_vars,keyword,extended,array,"[""PATH=/usr/local/bin:/usr/bin"", ""USER=ubuntu""]",Array of environment variable bindings. 8.12.0-dev+exp,true,process,process.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. +8.12.0-dev+exp,true,process,process.executable.caseless,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.exit_code,long,extended,,137,The exit code of the process. 8.12.0-dev+exp,true,process,process.group_leader.args,keyword,extended,array,"[""/usr/bin/ssh"", ""-l"", ""user"", ""10.0.0.16""]",Array of process arguments. @@ -696,11 +699,13 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,process,process.group_leader.command_line.text,match_only_text,extended,,/usr/bin/ssh -l user 10.0.0.16,Full command line that started the process. 8.12.0-dev+exp,true,process,process.group_leader.entity_id,keyword,extended,,c2c455d9f99375d,Unique identifier for the process. 8.12.0-dev+exp,true,process,process.group_leader.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. +8.12.0-dev+exp,true,process,process.group_leader.executable.caseless,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.group_leader.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.group_leader.group.id,keyword,extended,,,Unique identifier for the group on the system/platform. 8.12.0-dev+exp,true,process,process.group_leader.group.name,keyword,extended,,,Name of the group. 8.12.0-dev+exp,true,process,process.group_leader.interactive,boolean,extended,,True,Whether the process is connected to an interactive shell. 8.12.0-dev+exp,true,process,process.group_leader.name,keyword,extended,,ssh,Process name. +8.12.0-dev+exp,true,process,process.group_leader.name.caseless,keyword,extended,,ssh,Process name. 8.12.0-dev+exp,true,process,process.group_leader.name.text,match_only_text,extended,,ssh,Process name. 8.12.0-dev+exp,true,process,process.group_leader.pid,long,core,,4242,Process id. 8.12.0-dev+exp,true,process,process.group_leader.real_group.id,keyword,extended,,,Unique identifier for the group on the system/platform. @@ -760,6 +765,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,process,process.macho.sections.virtual_size,long,extended,,,Mach-O Section List virtual size. This is always the same as `physical_size`. 8.12.0-dev+exp,true,process,process.macho.symhash,keyword,extended,,d3ccf195b62a9279c3c19af1080497ec,A hash of the imports in a Mach-O file. 8.12.0-dev+exp,true,process,process.name,keyword,extended,,ssh,Process name. +8.12.0-dev+exp,true,process,process.name.caseless,keyword,extended,,ssh,Process name. 8.12.0-dev+exp,true,process,process.name.text,match_only_text,extended,,ssh,Process name. 8.12.0-dev+exp,true,process,process.parent.args,keyword,extended,array,"[""/usr/bin/ssh"", ""-l"", ""user"", ""10.0.0.16""]",Array of process arguments. 8.12.0-dev+exp,true,process,process.parent.args_count,long,extended,,4,Length of the process.args array. @@ -815,6 +821,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,process,process.parent.end,date,extended,,2016-05-23T08:05:34.853Z,The time the process ended. 8.12.0-dev+exp,true,process,process.parent.entity_id,keyword,extended,,c2c455d9f99375d,Unique identifier for the process. 8.12.0-dev+exp,true,process,process.parent.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. +8.12.0-dev+exp,true,process,process.parent.executable.caseless,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.parent.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.parent.exit_code,long,extended,,137,The exit code of the process. 8.12.0-dev+exp,true,process,process.parent.group.id,keyword,extended,,,Unique identifier for the group on the system/platform. @@ -848,6 +855,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,process,process.parent.macho.sections.virtual_size,long,extended,,,Mach-O Section List virtual size. This is always the same as `physical_size`. 8.12.0-dev+exp,true,process,process.parent.macho.symhash,keyword,extended,,d3ccf195b62a9279c3c19af1080497ec,A hash of the imports in a Mach-O file. 8.12.0-dev+exp,true,process,process.parent.name,keyword,extended,,ssh,Process name. +8.12.0-dev+exp,true,process,process.parent.name.caseless,keyword,extended,,ssh,Process name. 8.12.0-dev+exp,true,process,process.parent.name.text,match_only_text,extended,,ssh,Process name. 8.12.0-dev+exp,true,process,process.parent.pe.architecture,keyword,extended,,x64,CPU architecture target for the file. 8.12.0-dev+exp,true,process,process.parent.pe.company,keyword,extended,,Microsoft Corporation,"Internal company name of the file, provided at compile-time." @@ -931,6 +939,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,process,process.previous.args,keyword,extended,array,"[""/usr/bin/ssh"", ""-l"", ""user"", ""10.0.0.16""]",Array of process arguments. 8.12.0-dev+exp,true,process,process.previous.args_count,long,extended,,4,Length of the process.args array. 8.12.0-dev+exp,true,process,process.previous.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. +8.12.0-dev+exp,true,process,process.previous.executable.caseless,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.previous.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.real_group.id,keyword,extended,,,Unique identifier for the group on the system/platform. 8.12.0-dev+exp,true,process,process.real_group.name,keyword,extended,,,Name of the group. @@ -948,11 +957,13 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,process,process.session_leader.command_line.text,match_only_text,extended,,/usr/bin/ssh -l user 10.0.0.16,Full command line that started the process. 8.12.0-dev+exp,true,process,process.session_leader.entity_id,keyword,extended,,c2c455d9f99375d,Unique identifier for the process. 8.12.0-dev+exp,true,process,process.session_leader.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. +8.12.0-dev+exp,true,process,process.session_leader.executable.caseless,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.session_leader.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.session_leader.group.id,keyword,extended,,,Unique identifier for the group on the system/platform. 8.12.0-dev+exp,true,process,process.session_leader.group.name,keyword,extended,,,Name of the group. 8.12.0-dev+exp,true,process,process.session_leader.interactive,boolean,extended,,True,Whether the process is connected to an interactive shell. 8.12.0-dev+exp,true,process,process.session_leader.name,keyword,extended,,ssh,Process name. +8.12.0-dev+exp,true,process,process.session_leader.name.caseless,keyword,extended,,ssh,Process name. 8.12.0-dev+exp,true,process,process.session_leader.name.text,match_only_text,extended,,ssh,Process name. 8.12.0-dev+exp,true,process,process.session_leader.parent.entity_id,keyword,extended,,c2c455d9f99375d,Unique identifier for the process. 8.12.0-dev+exp,true,process,process.session_leader.parent.pid,long,core,,4242,Process id. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 56716a240c..83e9549f55 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -8426,6 +8426,11 @@ process.entry_leader.executable: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.entry_leader.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.entry_leader.executable.text name: text type: match_only_text @@ -8487,6 +8492,11 @@ process.entry_leader.name: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.entry_leader.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.entry_leader.name.text name: text type: match_only_text @@ -8910,6 +8920,11 @@ process.executable: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.executable.text name: text type: match_only_text @@ -9007,6 +9022,11 @@ process.group_leader.executable: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.group_leader.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.group_leader.executable.text name: text type: match_only_text @@ -9068,6 +9088,11 @@ process.group_leader.name: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.group_leader.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.group_leader.name.text name: text type: match_only_text @@ -9757,6 +9782,11 @@ process.name: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.name.text name: text type: match_only_text @@ -10418,6 +10448,11 @@ process.parent.executable: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.parent.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.parent.executable.text name: text type: match_only_text @@ -10827,6 +10862,11 @@ process.parent.name: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.parent.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.parent.name.text name: text type: match_only_text @@ -11811,6 +11851,11 @@ process.previous.executable: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.previous.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.previous.executable.text name: text type: match_only_text @@ -11996,6 +12041,11 @@ process.session_leader.executable: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.session_leader.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.session_leader.executable.text name: text type: match_only_text @@ -12057,6 +12107,11 @@ process.session_leader.name: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.session_leader.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.session_leader.name.text name: text type: match_only_text diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 312cf49b80..e83d8ffe76 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -10636,6 +10636,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.entry_leader.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.entry_leader.executable.text name: text type: match_only_text @@ -10697,6 +10702,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.entry_leader.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.entry_leader.name.text name: text type: match_only_text @@ -11120,6 +11130,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.executable.text name: text type: match_only_text @@ -11217,6 +11232,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.group_leader.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.group_leader.executable.text name: text type: match_only_text @@ -11278,6 +11298,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.group_leader.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.group_leader.name.text name: text type: match_only_text @@ -11971,6 +11996,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.name.text name: text type: match_only_text @@ -12633,6 +12663,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.parent.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.parent.executable.text name: text type: match_only_text @@ -13043,6 +13078,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.parent.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.parent.name.text name: text type: match_only_text @@ -14029,6 +14069,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.previous.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.previous.executable.text name: text type: match_only_text @@ -14214,6 +14259,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.session_leader.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.session_leader.executable.text name: text type: match_only_text @@ -14275,6 +14325,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.session_leader.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.session_leader.name.text name: text type: match_only_text diff --git a/experimental/generated/elasticsearch/composable/component/process.json b/experimental/generated/elasticsearch/composable/component/process.json index 3f144db017..39856825be 100644 --- a/experimental/generated/elasticsearch/composable/component/process.json +++ b/experimental/generated/elasticsearch/composable/component/process.json @@ -275,6 +275,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -299,6 +304,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -471,6 +481,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -504,6 +519,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -528,6 +548,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -787,6 +812,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -1002,6 +1032,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -1136,6 +1171,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -1492,6 +1532,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -1582,6 +1627,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -1606,6 +1656,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } diff --git a/experimental/generated/elasticsearch/legacy/template.json b/experimental/generated/elasticsearch/legacy/template.json index 1dc48de290..f21fb87595 100644 --- a/experimental/generated/elasticsearch/legacy/template.json +++ b/experimental/generated/elasticsearch/legacy/template.json @@ -2996,6 +2996,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3020,6 +3025,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3192,6 +3202,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3225,6 +3240,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3249,6 +3269,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3508,6 +3533,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3723,6 +3753,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3857,6 +3892,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -4213,6 +4253,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -4303,6 +4348,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -4327,6 +4377,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index b88a755686..e28c931fe8 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -5125,6 +5125,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: Absolute path to the process executable. @@ -5163,6 +5167,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: 'Process name. @@ -5432,6 +5440,11 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 + default_field: false - name: text type: match_only_text default_field: false @@ -5498,6 +5511,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: Absolute path to the process executable. @@ -5536,6 +5553,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: 'Process name. @@ -5950,6 +5971,11 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 + default_field: false - name: text type: match_only_text default_field: false @@ -6339,6 +6365,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: Absolute path to the process executable. @@ -6582,6 +6612,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: 'Process name. @@ -7168,6 +7202,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: Absolute path to the process executable. @@ -7283,6 +7321,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: Absolute path to the process executable. @@ -7321,6 +7363,10 @@ type: keyword ignore_above: 1024 multi_fields: + - name: caseless + type: keyword + normalizer: lowercase + ignore_above: 1024 - name: text type: match_only_text description: 'Process name. diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 3ca25f1445..b23b896390 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -641,11 +641,13 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,process,process.entry_leader.entry_meta.source.ip,ip,core,,,IP address of the source. 8.12.0-dev,true,process,process.entry_leader.entry_meta.type,keyword,extended,,,The entry type for the entry session leader. 8.12.0-dev,true,process,process.entry_leader.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. +8.12.0-dev,true,process,process.entry_leader.executable.caseless,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.entry_leader.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.entry_leader.group.id,keyword,extended,,,Unique identifier for the group on the system/platform. 8.12.0-dev,true,process,process.entry_leader.group.name,keyword,extended,,,Name of the group. 8.12.0-dev,true,process,process.entry_leader.interactive,boolean,extended,,True,Whether the process is connected to an interactive shell. 8.12.0-dev,true,process,process.entry_leader.name,keyword,extended,,ssh,Process name. +8.12.0-dev,true,process,process.entry_leader.name.caseless,keyword,extended,,ssh,Process name. 8.12.0-dev,true,process,process.entry_leader.name.text,match_only_text,extended,,ssh,Process name. 8.12.0-dev,true,process,process.entry_leader.parent.entity_id,keyword,extended,,c2c455d9f99375d,Unique identifier for the process. 8.12.0-dev,true,process,process.entry_leader.parent.pid,long,core,,4242,Process id. @@ -681,6 +683,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,process,process.entry_leader.working_directory.text,match_only_text,extended,,/home/alice,The working directory of the process. 8.12.0-dev,true,process,process.env_vars,keyword,extended,array,"[""PATH=/usr/local/bin:/usr/bin"", ""USER=ubuntu""]",Array of environment variable bindings. 8.12.0-dev,true,process,process.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. +8.12.0-dev,true,process,process.executable.caseless,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.exit_code,long,extended,,137,The exit code of the process. 8.12.0-dev,true,process,process.group_leader.args,keyword,extended,array,"[""/usr/bin/ssh"", ""-l"", ""user"", ""10.0.0.16""]",Array of process arguments. @@ -689,11 +692,13 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,process,process.group_leader.command_line.text,match_only_text,extended,,/usr/bin/ssh -l user 10.0.0.16,Full command line that started the process. 8.12.0-dev,true,process,process.group_leader.entity_id,keyword,extended,,c2c455d9f99375d,Unique identifier for the process. 8.12.0-dev,true,process,process.group_leader.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. +8.12.0-dev,true,process,process.group_leader.executable.caseless,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.group_leader.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.group_leader.group.id,keyword,extended,,,Unique identifier for the group on the system/platform. 8.12.0-dev,true,process,process.group_leader.group.name,keyword,extended,,,Name of the group. 8.12.0-dev,true,process,process.group_leader.interactive,boolean,extended,,True,Whether the process is connected to an interactive shell. 8.12.0-dev,true,process,process.group_leader.name,keyword,extended,,ssh,Process name. +8.12.0-dev,true,process,process.group_leader.name.caseless,keyword,extended,,ssh,Process name. 8.12.0-dev,true,process,process.group_leader.name.text,match_only_text,extended,,ssh,Process name. 8.12.0-dev,true,process,process.group_leader.pid,long,core,,4242,Process id. 8.12.0-dev,true,process,process.group_leader.real_group.id,keyword,extended,,,Unique identifier for the group on the system/platform. @@ -753,6 +758,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,process,process.macho.sections.virtual_size,long,extended,,,Mach-O Section List virtual size. This is always the same as `physical_size`. 8.12.0-dev,true,process,process.macho.symhash,keyword,extended,,d3ccf195b62a9279c3c19af1080497ec,A hash of the imports in a Mach-O file. 8.12.0-dev,true,process,process.name,keyword,extended,,ssh,Process name. +8.12.0-dev,true,process,process.name.caseless,keyword,extended,,ssh,Process name. 8.12.0-dev,true,process,process.name.text,match_only_text,extended,,ssh,Process name. 8.12.0-dev,true,process,process.parent.args,keyword,extended,array,"[""/usr/bin/ssh"", ""-l"", ""user"", ""10.0.0.16""]",Array of process arguments. 8.12.0-dev,true,process,process.parent.args_count,long,extended,,4,Length of the process.args array. @@ -808,6 +814,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,process,process.parent.end,date,extended,,2016-05-23T08:05:34.853Z,The time the process ended. 8.12.0-dev,true,process,process.parent.entity_id,keyword,extended,,c2c455d9f99375d,Unique identifier for the process. 8.12.0-dev,true,process,process.parent.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. +8.12.0-dev,true,process,process.parent.executable.caseless,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.parent.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.parent.exit_code,long,extended,,137,The exit code of the process. 8.12.0-dev,true,process,process.parent.group.id,keyword,extended,,,Unique identifier for the group on the system/platform. @@ -841,6 +848,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,process,process.parent.macho.sections.virtual_size,long,extended,,,Mach-O Section List virtual size. This is always the same as `physical_size`. 8.12.0-dev,true,process,process.parent.macho.symhash,keyword,extended,,d3ccf195b62a9279c3c19af1080497ec,A hash of the imports in a Mach-O file. 8.12.0-dev,true,process,process.parent.name,keyword,extended,,ssh,Process name. +8.12.0-dev,true,process,process.parent.name.caseless,keyword,extended,,ssh,Process name. 8.12.0-dev,true,process,process.parent.name.text,match_only_text,extended,,ssh,Process name. 8.12.0-dev,true,process,process.parent.pe.architecture,keyword,extended,,x64,CPU architecture target for the file. 8.12.0-dev,true,process,process.parent.pe.company,keyword,extended,,Microsoft Corporation,"Internal company name of the file, provided at compile-time." @@ -924,6 +932,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,process,process.previous.args,keyword,extended,array,"[""/usr/bin/ssh"", ""-l"", ""user"", ""10.0.0.16""]",Array of process arguments. 8.12.0-dev,true,process,process.previous.args_count,long,extended,,4,Length of the process.args array. 8.12.0-dev,true,process,process.previous.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. +8.12.0-dev,true,process,process.previous.executable.caseless,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.previous.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.real_group.id,keyword,extended,,,Unique identifier for the group on the system/platform. 8.12.0-dev,true,process,process.real_group.name,keyword,extended,,,Name of the group. @@ -941,11 +950,13 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,process,process.session_leader.command_line.text,match_only_text,extended,,/usr/bin/ssh -l user 10.0.0.16,Full command line that started the process. 8.12.0-dev,true,process,process.session_leader.entity_id,keyword,extended,,c2c455d9f99375d,Unique identifier for the process. 8.12.0-dev,true,process,process.session_leader.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. +8.12.0-dev,true,process,process.session_leader.executable.caseless,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.session_leader.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.session_leader.group.id,keyword,extended,,,Unique identifier for the group on the system/platform. 8.12.0-dev,true,process,process.session_leader.group.name,keyword,extended,,,Name of the group. 8.12.0-dev,true,process,process.session_leader.interactive,boolean,extended,,True,Whether the process is connected to an interactive shell. 8.12.0-dev,true,process,process.session_leader.name,keyword,extended,,ssh,Process name. +8.12.0-dev,true,process,process.session_leader.name.caseless,keyword,extended,,ssh,Process name. 8.12.0-dev,true,process,process.session_leader.name.text,match_only_text,extended,,ssh,Process name. 8.12.0-dev,true,process,process.session_leader.parent.entity_id,keyword,extended,,c2c455d9f99375d,Unique identifier for the process. 8.12.0-dev,true,process,process.session_leader.parent.pid,long,core,,4242,Process id. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 50e16f1826..eac6f84afe 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -8357,6 +8357,11 @@ process.entry_leader.executable: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.entry_leader.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.entry_leader.executable.text name: text type: match_only_text @@ -8418,6 +8423,11 @@ process.entry_leader.name: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.entry_leader.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.entry_leader.name.text name: text type: match_only_text @@ -8841,6 +8851,11 @@ process.executable: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.executable.text name: text type: match_only_text @@ -8938,6 +8953,11 @@ process.group_leader.executable: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.group_leader.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.group_leader.executable.text name: text type: match_only_text @@ -8999,6 +9019,11 @@ process.group_leader.name: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.group_leader.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.group_leader.name.text name: text type: match_only_text @@ -9688,6 +9713,11 @@ process.name: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.name.text name: text type: match_only_text @@ -10349,6 +10379,11 @@ process.parent.executable: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.parent.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.parent.executable.text name: text type: match_only_text @@ -10758,6 +10793,11 @@ process.parent.name: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.parent.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.parent.name.text name: text type: match_only_text @@ -11742,6 +11782,11 @@ process.previous.executable: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.previous.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.previous.executable.text name: text type: match_only_text @@ -11927,6 +11972,11 @@ process.session_leader.executable: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.session_leader.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.session_leader.executable.text name: text type: match_only_text @@ -11988,6 +12038,11 @@ process.session_leader.name: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.session_leader.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.session_leader.name.text name: text type: match_only_text diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index fa5f354d5f..4ab83e3134 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -10556,6 +10556,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.entry_leader.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.entry_leader.executable.text name: text type: match_only_text @@ -10617,6 +10622,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.entry_leader.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.entry_leader.name.text name: text type: match_only_text @@ -11040,6 +11050,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.executable.text name: text type: match_only_text @@ -11137,6 +11152,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.group_leader.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.group_leader.executable.text name: text type: match_only_text @@ -11198,6 +11218,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.group_leader.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.group_leader.name.text name: text type: match_only_text @@ -11891,6 +11916,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.name.text name: text type: match_only_text @@ -12553,6 +12583,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.parent.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.parent.executable.text name: text type: match_only_text @@ -12963,6 +12998,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.parent.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.parent.name.text name: text type: match_only_text @@ -13949,6 +13989,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.previous.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.previous.executable.text name: text type: match_only_text @@ -14134,6 +14179,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.session_leader.executable.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.session_leader.executable.text name: text type: match_only_text @@ -14195,6 +14245,11 @@ process: ignore_above: 1024 level: extended multi_fields: + - flat_name: process.session_leader.name.caseless + ignore_above: 1024 + name: caseless + normalizer: lowercase + type: keyword - flat_name: process.session_leader.name.text name: text type: match_only_text diff --git a/generated/elasticsearch/composable/component/process.json b/generated/elasticsearch/composable/component/process.json index c20dbd00f2..eca49b93bb 100644 --- a/generated/elasticsearch/composable/component/process.json +++ b/generated/elasticsearch/composable/component/process.json @@ -275,6 +275,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -299,6 +304,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -471,6 +481,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -504,6 +519,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -528,6 +548,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -787,6 +812,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -1002,6 +1032,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -1136,6 +1171,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -1492,6 +1532,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -1582,6 +1627,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -1606,6 +1656,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } diff --git a/generated/elasticsearch/legacy/template.json b/generated/elasticsearch/legacy/template.json index 0e26f73020..4fda1ac8e0 100644 --- a/generated/elasticsearch/legacy/template.json +++ b/generated/elasticsearch/legacy/template.json @@ -2954,6 +2954,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -2978,6 +2983,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3150,6 +3160,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3183,6 +3198,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3207,6 +3227,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3466,6 +3491,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3681,6 +3711,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -3815,6 +3850,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -4171,6 +4211,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -4261,6 +4306,11 @@ }, "executable": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" } @@ -4285,6 +4335,11 @@ }, "name": { "fields": { + "caseless": { + "ignore_above": 1024, + "normalizer": "lowercase", + "type": "keyword" + }, "text": { "type": "match_only_text" }