elasticsearch-index-template.json
{
"priority": 200,
"template": {
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": "3000"
}
},
"refresh_interval": "5s",
"number_of_shards": "1",
"number_of_replicas": "0",
"query": {
"default_field": [
"message"
]
}
}
},
"mappings": {
"_source": {
"enabled": true
},
"date_detection": false,
"properties": {
"@timestamp": {
"type": "date"
},
"@version": {
"type": "keyword"
},
"severity": {
"type": "text",
"index": true,
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"source": {
"index": true,
"type": "keyword"
},
"message": {
"type": "text",
"index": true
},
"fields": {
"type": "text",
"index": true
},
"subject": {
"type": "keyword",
"index": true
},
"rid": {
"type": "keyword",
"index": true
},
"proc_time": {
"type": "text",
"index": true
},
"source_host": {
"type": "text",
"index": true,
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
},
"index_patterns": [
"logs-app-default*"
],
"data_stream": {},
"composed_of": []
}