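# Install an Elasticsearch index template so that auto-created logstash-*
# indices keep DNS query names as a single term instead of splitting them.
#
# What the template does:
#   - Defines a custom analyzer "no_split" backed by the "keyword" tokenizer,
#     which emits the whole field value as one token.
#   - Applies "no_split" to BRO_dnslog.query only. Every other string field
#     has no explicit analyzer and is indexed with the cluster default.
#   - Declares mappings for four document types: BRO_ntplog, BRO_dnslog,
#     SSHPOT_sshlog and BRO_connlog.
#
# Operational notes:
#   - Index templates are applied when an index is created; logstash-* indices
#     that already exist keep their current mappings until they roll over or
#     are reindexed.
#   - The "string" field type and several mapping types in one index match
#     older Elasticsearch releases -- NOTE(review): confirm the target version.
#   - The field name "preceission" in BRO_ntplog is kept exactly as written;
#     presumably it has to match the name the log pipeline emits -- verify
#     before correcting the spelling.
#   - SSHPOT_sshlog maps "user" and "pass" fields (by the type name these look
#     like credentials captured by an SSH honeypot -- confirm). Treat the
#     resulting indices as sensitive and restrict who can query them.
#   - The request is sent without credentials to the scheme-less default
#     endpoint localhost:9200. That is only appropriate for a loopback-bound
#     node; if ES_URL points at another host, use an https:// URL and
#     authenticate the request.
#
# Environment:
#   ES_URL  Elasticsearch endpoint (default: localhost:9200)

# -f makes curl return non-zero on an HTTP error status; without it a rejected
# template would go unnoticed and new indices would silently fall back to the
# default analysis. -sS hides the progress meter but still prints errors.
# The mapping payload is valid JSON only if no line break falls inside a
# string token, so each mapping type is kept whole on its own line.
curl -sS -f -XPUT "${ES_URL:-localhost:9200}/_template/auto-template" \
  -H 'Content-Type: application/json' \
  -d '
{
"template" : "logstash-*",
"settings" : {
"analysis": {
"analyzer": {
"no_split": {
"tokenizer": "keyword"}}}},
"mappings":{
"BRO_ntplog":{"properties":{"@timestamp":{"type":"date","format":"dateOptionalTime"},"@version":{"type":"string"},"code":{"type":"string"},"geoip":{"properties":{"area_code":{"type":"long"},"city_name":{"type":"string"},"continent_code":{"type":"string"},"coordinates":{"type":"double"},"country_code2":{"type":"string"},"country_code3":{"type":"string"},"country_name":{"type":"string"},"dma_code":{"type":"long"},"ip":{"type":"string"},"latitude":{"type":"double"},"longitude":{"type":"double"},"postal_code":{"type":"string"},"real_region_name":{"type":"string"},"region_name":{"type":"string"},"timezone":{"type":"string"}}},"host":{"type":"string"},"id.orig_h":{"type":"string"},"id.resp_h":{"type":"string"},"message":{"type":"string"},"path":{"type":"string"},"poll":{"type":"string"},"preceission":{"type":"string"},"refid":{"type":"string"},"reftime":{"type":"string"},"stratum":{"type":"string"},"ts":{"type":"string"},"type":{"type":"string"},"uid":{"type":"string"}}},
"BRO_dnslog":{"properties":{"@timestamp":{"type":"date","format":"dateOptionalTime"},"@version":{"type":"string"},"AA":{"type":"string"},"RA":{"type":"string"},"RD":{"type":"string"},"TC":{"type":"string"},"TTLs":{"type":"string"},"Z":{"type":"string"},"answers":{"type":"string"},"geoip":{"properties":{"area_code":{"type":"long"},"city_name":{"type":"string"},"continent_code":{"type":"string"},"coordinates":{"type":"double"},"country_code2":{"type":"string"},"country_code3":{"type":"string"},"country_name":{"type":"string"},"dma_code":{"type":"long"},"ip":{"type":"string"},"latitude":{"type":"double"},"longitude":{"type":"double"},"postal_code":{"type":"string"},"real_region_name":{"type":"string"},"region_name":{"type":"string"},"timezone":{"type":"string"}}},"host":{"type":"string"},"id.orig_h":{"type":"string"},"id.orig_p":{"type":"string"},"id.resp_h":{"type":"string"},"id.resp_p":{"type":"string"},"message":{"type":"string"},"path":{"type":"string"},"proto":{"type":"string"},"qclass":{"type":"string"},"qclass_name":{"type":"string"},"qtype":{"type":"string"},"qtype_name":{"type":"string"},"query":{"type":"string","analyzer":"no_split"},"rcode":{"type":"string"},"rcode_name":{"type":"string"},"rejected":{"type":"string"},"trans_id":{"type":"string"},"ts":{"type":"string"},"type":{"type":"string"},"uid":{"type":"string"}}},
"SSHPOT_sshlog":{"properties":{"@timestamp":{"type":"date","format":"dateOptionalTime"},"@version":{"type":"string"},"geoip":{"properties":{"city_name":{"type":"string"},"continent_code":{"type":"string"},"coordinates":{"type":"double"},"country_code2":{"type":"string"},"country_code3":{"type":"string"},"country_name":{"type":"string"},"ip":{"type":"string"},"latitude":{"type":"double"},"longitude":{"type":"double"},"real_region_name":{"type":"string"},"region_name":{"type":"string"},"timezone":{"type":"string"}}},"host":{"type":"string"},"id.orig_h":{"type":"string"},"message":{"type":"string"},"pass":{"type":"string"},"path":{"type":"string"},"ts":{"type":"string"},"type":{"type":"string"},"user":{"type":"string"}}},
"BRO_connlog":{"properties":{"@timestamp":{"type":"date","format":"dateOptionalTime"},"@version":{"type":"string"},"conn_state":{"type":"string"},"duration":{"type":"string"},"geoip":{"properties":{"area_code":{"type":"long"},"city_name":{"type":"string"},"continent_code":{"type":"string"},"coordinates":{"type":"double"},"country_code2":{"type":"string"},"country_code3":{"type":"string"},"country_name":{"type":"string"},"dma_code":{"type":"long"},"ip":{"type":"string"},"latitude":{"type":"double"},"longitude":{"type":"double"},"postal_code":{"type":"string"},"real_region_name":{"type":"string"},"region_name":{"type":"string"},"timezone":{"type":"string"}}},"history":{"type":"string"},"host":{"type":"string"},"id.orig_h":{"type":"string"},"id.orig_p":{"type":"string"},"id.resp_h":{"type":"string"},"id.resp_p":{"type":"string"},"local_orig":{"type":"string"},"message":{"type":"string"},"missed_bytes":{"type":"string"},"orig_bytes":{"type":"string"},"orig_ip_bytes":{"type":"string"},"orig_pkts":{"type":"string"},"path":{"type":"string"},"proto":{"type":"string"},"resp_bytes":{"type":"string"},"resp_ip_bytes":{"type":"string"},"resp_pkts":{"type":"string"},"service":{"type":"string"},"ts":{"type":"string"},"type":{"type":"string"},"uid":{"type":"string"}}}
}
}
' || {
  printf 'index template "auto-template" was not installed (curl failed)\n' >&2
  exit 1
}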