1{ 2 "mappings": { 3 "_meta": { 4 "version": "5.5.2" 5 }, 6 "date_detection": false, 7 "dynamic_templates": [ 8 { 9 "strings_as_keyword": { 10 "mapping": { 11 "ignore_above": 1024, 12 "type": "keyword" 13 }, 14 "match_mapping_type": "string" 15 } 16 } 17 ], 18 "properties": { 19 "@timestamp": { 20 "type": "date" 21 }, 22 "meta": { 23 "properties": { 24 "cloud": { 25 "properties": { 26 "availability_zone": { 27 "ignore_above": 1024, 28 "type": "keyword" 29 }, 30 "instance_id": { 31 "ignore_above": 1024, 32 "type": "keyword" 33 }, 34 "machine_type": { 35 "ignore_above": 1024, 36 "type": "keyword" 37 }, 38 "project_id": { 39 "ignore_above": 1024, 40 "type": "keyword" 41 }, 42 "provider": { 43 "ignore_above": 1024, 44 "type": "keyword" 45 }, 46 "region": { 47 "ignore_above": 1024, 48 "type": "keyword" 49 } 50 } 51 } 52 } 53 }, 54 "rspamd_meta": { 55 "properties": { 56 "action": { 57 "ignore_above": 1024, 58 "type": "keyword" 59 }, 60 "direction": { 61 "ignore_above": 1024, 62 "type": "keyword" 63 }, 64 "asn": { 65 "properties": { 66 "asn": { 67 "type": "long" 68 }, 69 "country_code": { 70 "ignore_above": 1024, 71 "type": "keyword" 72 }, 73 "ipnet": { 74 "ignore_above": 1024, 75 "type": "keyword" 76 }, 77 "registrant": { 78 "ignore_above": 1024, 79 "type": "keyword" 80 } 81 } 82 }, 83 "from": { 84 "ignore_above": 1024, 85 "type": "keyword" 86 }, 87 "is_local": { 88 "type": "boolean" 89 }, 90 "webmail": { 91 "type": "boolean" 92 }, 93 "geoip": { 94 "properties": { 95 "city_name": { 96 "ignore_above": 1024, 97 "type": "keyword" 98 }, 99 "continent_name": { 100 "ignore_above": 1024, 101 "type": "keyword" 102 }, 103 "country_iso_code": { 104 "ignore_above": 1024, 105 "type": "keyword" 106 }, 107 "location": { 108 "type": "geo_point" 109 } 110 } 111 }, 112 "ip": { 113 "ignore_above": 1024, 114 "type": "keyword" 115 }, 116 "qid": { 117 "ignore_above": 1024, 118 "type": "keyword" 119 }, 120 "hostname": { 121 "ignore_above": 1024, 122 "type": "keyword" 123 }, 124 "score": { 125 "type": "float" 126 }, 127 "user": { 128 "ignore_above": 1024, 129 "type": "keyword" 130 } 131 } 132 }, 133 "tags": { 134 "ignore_above": 1024, 135 "type": "keyword" 136 } 137 } 138 }, 139 "order": 0, 140 "settings": { 141 "index.mapping.total_fields.limit": 10000, 142 "index.refresh_interval": "5s" 143 }, 144 "index_patterns" : ["rspamd-*", "*-rspamd-*"] 145} 146