es_archiver/full_heartbeat/mappings.json

{
  "type": "index",
  "value": {
    "aliases": {
      "heartbeat-8.0.0-full": {
        "is_write_index": true
      }
    },
    "index": "heartbeat-8-full-test",
    "mappings": {
      "_meta": {
        "beat": "heartbeat",
        "version": "8.0.0"
      },
      "dynamic_templates": [
        {
          "labels": {
            "path_match": "labels.*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "keyword"
            }
          }
        },
        {
          "container.labels": {
            "path_match": "container.labels.*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "keyword"
            }
          }
        },
        {
          "dns.answers": {
            "path_match": "dns.answers.*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "keyword"
            }
          }
        },
        {
          "log.syslog": {
            "path_match": "log.syslog.*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "keyword"
            }
          }
        },
        {
          "network.inner": {
            "path_match": "network.inner.*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "keyword"
            }
          }
        },
        {
          "observer.egress": {
            "path_match": "observer.egress.*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "keyword"
            }
          }
        },
        {
          "observer.ingress": {
            "path_match": "observer.ingress.*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "keyword"
            }
          }
        },
        {
          "fields": {
            "path_match": "fields.*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "keyword"
            }
          }
        },
        {
          "docker.container.labels": {
            "path_match": "docker.container.labels.*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "keyword"
            }
          }
        },
        {
          "kubernetes.labels.*": {
            "path_match": "kubernetes.labels.*",
            "mapping": {
              "type": "keyword"
            }
          }
        },
        {
          "kubernetes.annotations.*": {
            "path_match": "kubernetes.annotations.*",
            "mapping": {
              "type": "keyword"
            }
          }
        },
        {
          "strings_as_keyword": {
            "match_mapping_type": "string",
            "mapping": {
              "ignore_above": 1024,
              "type": "keyword"
            }
          }
        }
      ],
      "date_detection": false,
      "properties": {
        "@timestamp": {
          "type": "date"
        },
        "agent": {
          "properties": {
            "ephemeral_id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "hostname": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "type": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "version": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "as": {
          "properties": {
            "number": {
              "type": "long"
            },
            "organization": {
              "properties": {
                "name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                }
              }
            }
          }
        },
        "client": {
          "properties": {
            "address": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "as": {
              "properties": {
                "number": {
                  "type": "long"
                },
                "organization": {
                  "properties": {
                    "name": {
                      "type": "keyword",
                      "fields": {
                        "text": {
                          "type": "text",
                          "norms": false
                        }
                      },
                      "ignore_above": 1024
                    }
                  }
                }
              }
            },
            "bytes": {
              "type": "long"
            },
            "domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "geo": {
              "properties": {
                "city_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "continent_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "country_iso_code": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "country_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "location": {
                  "type": "geo_point"
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "region_iso_code": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "region_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "ip": {
              "type": "ip"
            },
            "mac": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "nat": {
              "properties": {
                "ip": {
                  "type": "ip"
                },
                "port": {
                  "type": "long"
                }
              }
            },
            "packets": {
              "type": "long"
            },
            "port": {
              "type": "long"
            },
            "registered_domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "top_level_domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "user": {
              "properties": {
                "domain": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "email": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "full_name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "group": {
                  "properties": {
                    "domain": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "id": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "hash": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                }
              }
            }
          }
        },
        "cloud": {
          "properties": {
            "account": {
              "properties": {
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "availability_zone": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "image": {
              "properties": {
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "instance": {
              "properties": {
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "machine": {
              "properties": {
                "type": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "project": {
              "properties": {
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "provider": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "region": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "code_signature": {
          "properties": {
            "exists": {
              "type": "boolean"
            },
            "status": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "subject_name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "trusted": {
              "type": "boolean"
            },
            "valid": {
              "type": "boolean"
            }
          }
        },
        "container": {
          "properties": {
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "image": {
              "properties": {
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "tag": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "labels": {
              "type": "object"
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "runtime": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "destination": {
          "properties": {
            "address": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "as": {
              "properties": {
                "number": {
                  "type": "long"
                },
                "organization": {
                  "properties": {
                    "name": {
                      "type": "keyword",
                      "fields": {
                        "text": {
                          "type": "text",
                          "norms": false
                        }
                      },
                      "ignore_above": 1024
                    }
                  }
                }
              }
            },
            "bytes": {
              "type": "long"
            },
            "domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "geo": {
              "properties": {
                "city_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "continent_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "country_iso_code": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "country_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "location": {
                  "type": "geo_point"
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "region_iso_code": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "region_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "ip": {
              "type": "ip"
            },
            "mac": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "nat": {
              "properties": {
                "ip": {
                  "type": "ip"
                },
                "port": {
                  "type": "long"
                }
              }
            },
            "packets": {
              "type": "long"
            },
            "port": {
              "type": "long"
            },
            "registered_domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "top_level_domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "user": {
              "properties": {
                "domain": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "email": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "full_name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "group": {
                  "properties": {
                    "domain": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "id": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "hash": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                }
              }
            }
          }
        },
        "dll": {
          "properties": {
            "code_signature": {
              "properties": {
                "exists": {
                  "type": "boolean"
                },
                "status": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "subject_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "trusted": {
                  "type": "boolean"
                },
                "valid": {
                  "type": "boolean"
                }
              }
            },
            "hash": {
              "properties": {
                "md5": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "sha1": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "sha256": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "sha512": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "path": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "pe": {
              "properties": {
                "company": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "description": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "file_version": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "original_file_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "product": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            }
          }
        },
        "dns": {
          "properties": {
            "answers": {
              "properties": {
                "class": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "data": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "ttl": {
                  "type": "long"
                },
                "type": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "header_flags": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "op_code": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "question": {
              "properties": {
                "class": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "registered_domain": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "subdomain": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "top_level_domain": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "type": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "resolved_ip": {
              "type": "ip"
            },
            "response_code": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "type": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "docker": {
          "properties": {
            "container": {
              "properties": {
                "labels": {
                  "type": "object"
                }
              }
            }
          }
        },
        "ecs": {
          "properties": {
            "version": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "error": {
          "properties": {
            "code": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "message": {
              "type": "text",
              "norms": false
            },
            "stack_trace": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "type": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "event": {
          "properties": {
            "action": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "category": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "code": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "created": {
              "type": "date"
            },
            "dataset": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "duration": {
              "type": "long"
            },
            "end": {
              "type": "date"
            },
            "hash": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "ingested": {
              "type": "date"
            },
            "kind": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "module": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "original": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "outcome": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "provider": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "reference": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "risk_score": {
              "type": "float"
            },
            "risk_score_norm": {
              "type": "float"
            },
            "sequence": {
              "type": "long"
            },
            "severity": {
              "type": "long"
            },
            "start": {
              "type": "date"
            },
            "timezone": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "type": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "url": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "fields": {
          "type": "object"
        },
        "file": {
          "properties": {
            "accessed": {
              "type": "date"
            },
            "attributes": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "code_signature": {
              "properties": {
                "exists": {
                  "type": "boolean"
                },
                "status": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "subject_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "trusted": {
                  "type": "boolean"
                },
                "valid": {
                  "type": "boolean"
                }
              }
            },
            "created": {
              "type": "date"
            },
            "ctime": {
              "type": "date"
            },
            "device": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "directory": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "drive_letter": {
              "type": "keyword",
              "ignore_above": 1
            },
            "extension": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "gid": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "group": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "hash": {
              "properties": {
                "md5": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "sha1": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "sha256": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "sha512": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "inode": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "mime_type": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "mode": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "mtime": {
              "type": "date"
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "owner": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "path": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "pe": {
              "properties": {
                "company": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "description": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "file_version": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "original_file_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "product": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "size": {
              "type": "long"
            },
            "target_path": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "type": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "uid": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "geo": {
          "properties": {
            "city_name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "continent_name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "country_iso_code": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "country_name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "location": {
              "type": "geo_point"
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "region_iso_code": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "region_name": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "group": {
          "properties": {
            "domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "hash": {
          "properties": {
            "md5": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "sha1": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "sha256": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "sha512": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "host": {
          "properties": {
            "architecture": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "containerized": {
              "type": "boolean"
            },
            "domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "geo": {
              "properties": {
                "city_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "continent_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "country_iso_code": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "country_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "location": {
                  "type": "geo_point"
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "region_iso_code": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "region_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "hostname": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "ip": {
              "type": "ip"
            },
            "mac": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "os": {
              "properties": {
                "build": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "codename": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "family": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "full": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "kernel": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "platform": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "version": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "type": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "uptime": {
              "type": "long"
            },
            "user": {
              "properties": {
                "domain": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "email": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "full_name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "group": {
                  "properties": {
                    "domain": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "id": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "hash": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                }
              }
            }
          }
        },
        "http": {
          "properties": {
            "request": {
              "properties": {
                "body": {
                  "properties": {
                    "bytes": {
                      "type": "long"
                    },
                    "content": {
                      "type": "keyword",
                      "fields": {
                        "text": {
                          "type": "text",
                          "norms": false
                        }
                      },
                      "ignore_above": 1024
                    }
                  }
                },
                "bytes": {
                  "type": "long"
                },
                "method": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "referrer": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "response": {
              "properties": {
                "body": {
                  "properties": {
                    "bytes": {
                      "type": "long"
                    },
                    "content": {
                      "type": "keyword",
                      "fields": {
                        "text": {
                          "type": "text",
                          "norms": false
                        }
                      },
                      "ignore_above": 1024
                    },
                    "hash": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "bytes": {
                  "type": "long"
                },
                "redirects": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "status_code": {
                  "type": "long"
                }
              }
            },
            "rtt": {
              "properties": {
                "content": {
                  "properties": {
                    "us": {
                      "type": "long"
                    }
                  }
                },
                "response_header": {
                  "properties": {
                    "us": {
                      "type": "long"
                    }
                  }
                },
                "total": {
                  "properties": {
                    "us": {
                      "type": "long"
                    }
                  }
                },
                "validate": {
                  "properties": {
                    "us": {
                      "type": "long"
                    }
                  }
                },
                "validate_body": {
                  "properties": {
                    "us": {
                      "type": "long"
                    }
                  }
                },
                "write_request": {
                  "properties": {
                    "us": {
                      "type": "long"
                    }
                  }
                }
              }
            },
            "version": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "icmp": {
          "properties": {
            "requests": {
              "type": "long"
            },
            "rtt": {
              "properties": {
                "us": {
                  "type": "long"
                }
              }
            }
          }
        },
        "interface": {
          "properties": {
            "alias": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "jolokia": {
          "properties": {
            "agent": {
              "properties": {
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "version": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "secured": {
              "type": "boolean"
            },
            "server": {
              "properties": {
                "product": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "vendor": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "version": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "url": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "kubernetes": {
          "properties": {
            "annotations": {
              "properties": {
                "*": {
                  "type": "object"
                }
              }
            },
            "container": {
              "properties": {
                "image": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "deployment": {
              "properties": {
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "labels": {
              "properties": {
                "*": {
                  "type": "object"
                }
              }
            },
            "namespace": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "node": {
              "properties": {
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "pod": {
              "properties": {
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "uid": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "replicaset": {
              "properties": {
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "statefulset": {
              "properties": {
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            }
          }
        },
        "labels": {
          "type": "object"
        },
        "log": {
          "properties": {
            "level": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "logger": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "origin": {
              "properties": {
                "file": {
                  "properties": {
                    "line": {
                      "type": "long"
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "function": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "original": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "syslog": {
              "properties": {
                "facility": {
                  "properties": {
                    "code": {
                      "type": "long"
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "priority": {
                  "type": "long"
                },
                "severity": {
                  "properties": {
                    "code": {
                      "type": "long"
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                }
              }
            }
          }
        },
        "message": {
          "type": "text",
          "norms": false
        },
        "monitor": {
          "properties": {
            "check_group": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "duration": {
              "properties": {
                "us": {
                  "type": "long"
                }
              }
            },
            "id": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false,
                  "analyzer": "simple"
                }
              },
              "ignore_above": 1024
            },
            "ip": {
              "type": "ip"
            },
            "name": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false,
                  "analyzer": "simple"
                }
              },
              "ignore_above": 1024
            },
            "status": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "timespan": {
              "type": "date_range"
            },
            "type": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "network": {
          "properties": {
            "application": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "bytes": {
              "type": "long"
            },
            "community_id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "direction": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "forwarded_ip": {
              "type": "ip"
            },
            "iana_number": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "inner": {
              "properties": {
                "vlan": {
                  "properties": {
                    "id": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                }
              }
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "packets": {
              "type": "long"
            },
            "protocol": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "transport": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "type": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "vlan": {
              "properties": {
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            }
          }
        },
        "observer": {
          "properties": {
            "egress": {
              "properties": {
                "interface": {
                  "properties": {
                    "alias": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "id": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "vlan": {
                  "properties": {
                    "id": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "zone": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "geo": {
              "properties": {
                "city_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "continent_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "country_iso_code": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "country_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "location": {
                  "type": "geo_point"
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "region_iso_code": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "region_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "hostname": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "ingress": {
              "properties": {
                "interface": {
                  "properties": {
                    "alias": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "id": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "vlan": {
                  "properties": {
                    "id": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "zone": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "ip": {
              "type": "ip"
            },
            "mac": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "os": {
              "properties": {
                "family": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "full": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "kernel": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "platform": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "version": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "product": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "serial_number": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "type": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "vendor": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "version": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "organization": {
          "properties": {
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "name": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            }
          }
        },
        "os": {
          "properties": {
            "family": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "full": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "kernel": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "name": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "platform": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "version": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "package": {
          "properties": {
            "architecture": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "build_version": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "checksum": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "description": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "install_scope": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "installed": {
              "type": "date"
            },
            "license": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "path": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "reference": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "size": {
              "type": "long"
            },
            "type": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "version": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "pe": {
          "properties": {
            "company": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "description": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "file_version": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "original_file_name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "product": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "process": {
          "properties": {
            "args": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "args_count": {
              "type": "long"
            },
            "code_signature": {
              "properties": {
                "exists": {
                  "type": "boolean"
                },
                "status": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "subject_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "trusted": {
                  "type": "boolean"
                },
                "valid": {
                  "type": "boolean"
                }
              }
            },
            "command_line": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "entity_id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "executable": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "exit_code": {
              "type": "long"
            },
            "hash": {
              "properties": {
                "md5": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "sha1": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "sha256": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "sha512": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "name": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "parent": {
              "properties": {
                "args": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "args_count": {
                  "type": "long"
                },
                "code_signature": {
                  "properties": {
                    "exists": {
                      "type": "boolean"
                    },
                    "status": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "subject_name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "trusted": {
                      "type": "boolean"
                    },
                    "valid": {
                      "type": "boolean"
                    }
                  }
                },
                "command_line": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "entity_id": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "executable": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "exit_code": {
                  "type": "long"
                },
                "hash": {
                  "properties": {
                    "md5": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "sha1": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "sha256": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "sha512": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "pgid": {
                  "type": "long"
                },
                "pid": {
                  "type": "long"
                },
                "ppid": {
                  "type": "long"
                },
                "start": {
                  "type": "date"
                },
                "thread": {
                  "properties": {
                    "id": {
                      "type": "long"
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "title": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "uptime": {
                  "type": "long"
                },
                "working_directory": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                }
              }
            },
            "pe": {
              "properties": {
                "company": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "description": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "file_version": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "original_file_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "product": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "pgid": {
              "type": "long"
            },
            "pid": {
              "type": "long"
            },
            "ppid": {
              "type": "long"
            },
            "start": {
              "type": "date"
            },
            "thread": {
              "properties": {
                "id": {
                  "type": "long"
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "title": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "uptime": {
              "type": "long"
            },
            "working_directory": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            }
          }
        },
        "registry": {
          "properties": {
            "data": {
              "properties": {
                "bytes": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "strings": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "type": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "hive": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "key": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "path": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "value": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "related": {
          "properties": {
            "hash": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "ip": {
              "type": "ip"
            },
            "user": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "resolve": {
          "properties": {
            "ip": {
              "type": "ip"
            },
            "rtt": {
              "properties": {
                "us": {
                  "type": "long"
                }
              }
            }
          }
        },
        "rule": {
          "properties": {
            "author": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "category": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "description": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "license": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "reference": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "ruleset": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "uuid": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "version": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "server": {
          "properties": {
            "address": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "as": {
              "properties": {
                "number": {
                  "type": "long"
                },
                "organization": {
                  "properties": {
                    "name": {
                      "type": "keyword",
                      "fields": {
                        "text": {
                          "type": "text",
                          "norms": false
                        }
                      },
                      "ignore_above": 1024
                    }
                  }
                }
              }
            },
            "bytes": {
              "type": "long"
            },
            "domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "geo": {
              "properties": {
                "city_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "continent_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "country_iso_code": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "country_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "location": {
                  "type": "geo_point"
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "region_iso_code": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "region_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "ip": {
              "type": "ip"
            },
            "mac": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "nat": {
              "properties": {
                "ip": {
                  "type": "ip"
                },
                "port": {
                  "type": "long"
                }
              }
            },
            "packets": {
              "type": "long"
            },
            "port": {
              "type": "long"
            },
            "registered_domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "top_level_domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "user": {
              "properties": {
                "domain": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "email": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "full_name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "group": {
                  "properties": {
                    "domain": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "id": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "hash": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                }
              }
            }
          }
        },
        "service": {
          "properties": {
            "ephemeral_id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "node": {
              "properties": {
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "state": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "type": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "version": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "socks5": {
          "properties": {
            "rtt": {
              "properties": {
                "connect": {
                  "properties": {
                    "us": {
                      "type": "long"
                    }
                  }
                }
              }
            }
          }
        },
        "source": {
          "properties": {
            "address": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "as": {
              "properties": {
                "number": {
                  "type": "long"
                },
                "organization": {
                  "properties": {
                    "name": {
                      "type": "keyword",
                      "fields": {
                        "text": {
                          "type": "text",
                          "norms": false
                        }
                      },
                      "ignore_above": 1024
                    }
                  }
                }
              }
            },
            "bytes": {
              "type": "long"
            },
            "domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "geo": {
              "properties": {
                "city_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "continent_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "country_iso_code": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "country_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "location": {
                  "type": "geo_point"
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "region_iso_code": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "region_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "ip": {
              "type": "ip"
            },
            "mac": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "nat": {
              "properties": {
                "ip": {
                  "type": "ip"
                },
                "port": {
                  "type": "long"
                }
              }
            },
            "packets": {
              "type": "long"
            },
            "port": {
              "type": "long"
            },
            "registered_domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "top_level_domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "user": {
              "properties": {
                "domain": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "email": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "full_name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "group": {
                  "properties": {
                    "domain": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "id": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "name": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "hash": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                }
              }
            }
          }
        },
        "summary": {
          "properties": {
            "down": {
              "type": "long"
            },
            "up": {
              "type": "long"
            }
          }
        },
        "tags": {
          "type": "keyword",
          "ignore_above": 1024
        },
        "tcp": {
          "properties": {
            "rtt": {
              "properties": {
                "connect": {
                  "properties": {
                    "us": {
                      "type": "long"
                    }
                  }
                },
                "validate": {
                  "properties": {
                    "us": {
                      "type": "long"
                    }
                  }
                }
              }
            }
          }
        },
        "threat": {
          "properties": {
            "framework": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "tactic": {
              "properties": {
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "reference": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "technique": {
              "properties": {
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "reference": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            }
          }
        },
        "timeseries": {
          "properties": {
            "instance": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "tls": {
          "properties": {
            "certificate_not_valid_after": {
              "type": "date"
            },
            "certificate_not_valid_before": {
              "type": "date"
            },
            "cipher": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "client": {
              "properties": {
                "certificate": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "certificate_chain": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "hash": {
                  "properties": {
                    "md5": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "sha1": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "sha256": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "issuer": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "ja3": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "not_after": {
                  "type": "date"
                },
                "not_before": {
                  "type": "date"
                },
                "server_name": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "subject": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "supported_ciphers": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "curve": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "established": {
              "type": "boolean"
            },
            "next_protocol": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "resumed": {
              "type": "boolean"
            },
            "rtt": {
              "properties": {
                "handshake": {
                  "properties": {
                    "us": {
                      "type": "long"
                    }
                  }
                }
              }
            },
            "server": {
              "properties": {
                "certificate": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "certificate_chain": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "hash": {
                  "properties": {
                    "md5": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "sha1": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "sha256": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                },
                "issuer": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "ja3s": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "not_after": {
                  "type": "date"
                },
                "not_before": {
                  "type": "date"
                },
                "subject": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "x509": {
                  "properties": {
                    "alternative_names": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "issuer": {
                      "properties": {
                        "common_name": {
                          "type": "keyword",
                          "fields": {
                            "text": {
                              "type": "text",
                              "norms": false,
                              "analyzer": "simple"
                            }
                          },
                          "ignore_above": 1024
                        },
                        "distinguished_name": {
                          "type": "keyword",
                          "ignore_above": 1024
                        }
                      }
                    },
                    "not_after": {
                      "type": "date"
                    },
                    "not_before": {
                      "type": "date"
                    },
                    "public_key_algorithm": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "public_key_curve": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "public_key_exponent": {
                      "type": "long"
                    },
                    "public_key_size": {
                      "type": "long"
                    },
                    "serial_number": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "signature_algorithm": {
                      "type": "keyword",
                      "ignore_above": 1024
                    },
                    "subject": {
                      "properties": {
                        "common_name": {
                          "type": "keyword",
                          "fields": {
                            "text": {
                              "type": "text",
                              "norms": false,
                              "analyzer": "simple"
                            }
                          },
                          "ignore_above": 1024
                        },
                        "distinguished_name": {
                          "type": "keyword",
                          "ignore_above": 1024
                        }
                      }
                    },
                    "version_number": {
                      "type": "keyword",
                      "ignore_above": 1024
                    }
                  }
                }
              }
            },
            "version": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "version_protocol": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "tracing": {
          "properties": {
            "trace": {
              "properties": {
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "transaction": {
              "properties": {
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            }
          }
        },
        "url": {
          "properties": {
            "domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "extension": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "fragment": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "full": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "original": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "password": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "path": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "port": {
              "type": "long"
            },
            "query": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "registered_domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "scheme": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "top_level_domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "username": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "user": {
          "properties": {
            "domain": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "email": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "full_name": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "group": {
              "properties": {
                "domain": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "id": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "hash": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "name": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            }
          }
        },
        "user_agent": {
          "properties": {
            "device": {
              "properties": {
                "name": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "original": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "os": {
              "properties": {
                "family": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "full": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "kernel": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "name": {
                  "type": "keyword",
                  "fields": {
                    "text": {
                      "type": "text",
                      "norms": false
                    }
                  },
                  "ignore_above": 1024
                },
                "platform": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "version": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "version": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "vlan": {
          "properties": {
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "name": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },
        "vulnerability": {
          "properties": {
            "category": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "classification": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "description": {
              "type": "keyword",
              "fields": {
                "text": {
                  "type": "text",
                  "norms": false
                }
              },
              "ignore_above": 1024
            },
            "enumeration": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "reference": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "report_id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "scanner": {
              "properties": {
                "vendor": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "score": {
              "properties": {
                "base": {
                  "type": "float"
                },
                "environmental": {
                  "type": "float"
                },
                "temporal": {
                  "type": "float"
                },
                "version": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "severity": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        }
      }
    },
    "settings": {
      "index": {
        "mapping": {
          "total_fields": {
            "limit": "10000"
          }
        },
        "number_of_replicas": "1",
        "number_of_shards": "1",
        "query": {
          "default_field": [
            "message",
            "tags",
            "agent.ephemeral_id",
            "agent.id",
            "agent.name",
            "agent.type",
            "agent.version",
            "as.organization.name",
            "client.address",
            "client.as.organization.name",
            "client.domain",
            "client.geo.city_name",
            "client.geo.continent_name",
            "client.geo.country_iso_code",
            "client.geo.country_name",
            "client.geo.name",
            "client.geo.region_iso_code",
            "client.geo.region_name",
            "client.mac",
            "client.user.domain",
            "client.user.email",
            "client.user.full_name",
            "client.user.group.id",
            "client.user.group.name",
            "client.user.hash",
            "client.user.id",
            "client.user.name",
            "cloud.account.id",
            "cloud.availability_zone",
            "cloud.instance.id",
            "cloud.instance.name",
            "cloud.machine.type",
            "cloud.provider",
            "cloud.region",
            "container.id",
            "container.image.name",
            "container.image.tag",
            "container.name",
            "container.runtime",
            "destination.address",
            "destination.as.organization.name",
            "destination.domain",
            "destination.geo.city_name",
            "destination.geo.continent_name",
            "destination.geo.country_iso_code",
            "destination.geo.country_name",
            "destination.geo.name",
            "destination.geo.region_iso_code",
            "destination.geo.region_name",
            "destination.mac",
            "destination.user.domain",
            "destination.user.email",
            "destination.user.full_name",
            "destination.user.group.id",
            "destination.user.group.name",
            "destination.user.hash",
            "destination.user.id",
            "destination.user.name",
            "dns.answers.class",
            "dns.answers.data",
            "dns.answers.name",
            "dns.answers.type",
            "dns.header_flags",
            "dns.id",
            "dns.op_code",
            "dns.question.class",
            "dns.question.name",
            "dns.question.registered_domain",
            "dns.question.type",
            "dns.response_code",
            "dns.type",
            "ecs.version",
            "error.code",
            "error.id",
            "error.message",
            "event.action",
            "event.category",
            "event.code",
            "event.dataset",
            "event.hash",
            "event.id",
            "event.kind",
            "event.module",
            "event.original",
            "event.outcome",
            "event.provider",
            "event.timezone",
            "event.type",
            "file.device",
            "file.directory",
            "file.extension",
            "file.gid",
            "file.group",
            "file.hash.md5",
            "file.hash.sha1",
            "file.hash.sha256",
            "file.hash.sha512",
            "file.inode",
            "file.mode",
            "file.name",
            "file.owner",
            "file.path",
            "file.target_path",
            "file.type",
            "file.uid",
            "geo.city_name",
            "geo.continent_name",
            "geo.country_iso_code",
            "geo.country_name",
            "geo.name",
            "geo.region_iso_code",
            "geo.region_name",
            "group.id",
            "group.name",
            "hash.md5",
            "hash.sha1",
            "hash.sha256",
            "hash.sha512",
            "host.architecture",
            "host.geo.city_name",
            "host.geo.continent_name",
            "host.geo.country_iso_code",
            "host.geo.country_name",
            "host.geo.name",
            "host.geo.region_iso_code",
            "host.geo.region_name",
            "host.hostname",
            "host.id",
            "host.mac",
            "host.name",
            "host.os.family",
            "host.os.full",
            "host.os.kernel",
            "host.os.name",
            "host.os.platform",
            "host.os.version",
            "host.type",
            "host.user.domain",
            "host.user.email",
            "host.user.full_name",
            "host.user.group.id",
            "host.user.group.name",
            "host.user.hash",
            "host.user.id",
            "host.user.name",
            "http.request.body.content",
            "http.request.method",
            "http.request.referrer",
            "http.response.body.content",
            "http.version",
            "log.level",
            "log.logger",
            "log.original",
            "network.application",
            "network.community_id",
            "network.direction",
            "network.iana_number",
            "network.name",
            "network.protocol",
            "network.transport",
            "network.type",
            "observer.geo.city_name",
            "observer.geo.continent_name",
            "observer.geo.country_iso_code",
            "observer.geo.country_name",
            "observer.geo.name",
            "observer.geo.region_iso_code",
            "observer.geo.region_name",
            "observer.hostname",
            "observer.mac",
            "observer.os.family",
            "observer.os.full",
            "observer.os.kernel",
            "observer.os.name",
            "observer.os.platform",
            "observer.os.version",
            "observer.serial_number",
            "observer.type",
            "observer.vendor",
            "observer.version",
            "organization.id",
            "organization.name",
            "os.family",
            "os.full",
            "os.kernel",
            "os.name",
            "os.platform",
            "os.version",
            "process.args",
            "process.executable",
            "process.hash.md5",
            "process.hash.sha1",
            "process.hash.sha256",
            "process.hash.sha512",
            "process.name",
            "process.thread.name",
            "process.title",
            "process.working_directory",
            "server.address",
            "server.as.organization.name",
            "server.domain",
            "server.geo.city_name",
            "server.geo.continent_name",
            "server.geo.country_iso_code",
            "server.geo.country_name",
            "server.geo.name",
            "server.geo.region_iso_code",
            "server.geo.region_name",
            "server.mac",
            "server.user.domain",
            "server.user.email",
            "server.user.full_name",
            "server.user.group.id",
            "server.user.group.name",
            "server.user.hash",
            "server.user.id",
            "server.user.name",
            "service.ephemeral_id",
            "service.id",
            "service.name",
            "service.state",
            "service.type",
            "service.version",
            "source.address",
            "source.as.organization.name",
            "source.domain",
            "source.geo.city_name",
            "source.geo.continent_name",
            "source.geo.country_iso_code",
            "source.geo.country_name",
            "source.geo.name",
            "source.geo.region_iso_code",
            "source.geo.region_name",
            "source.mac",
            "source.user.domain",
            "source.user.email",
            "source.user.full_name",
            "source.user.group.id",
            "source.user.group.name",
            "source.user.hash",
            "source.user.id",
            "source.user.name",
            "tracing.trace.id",
            "tracing.transaction.id",
            "url.domain",
            "url.fragment",
            "url.full",
            "url.original",
            "url.password",
            "url.path",
            "url.query",
            "url.scheme",
            "url.username",
            "user.domain",
            "user.email",
            "user.full_name",
            "user.group.id",
            "user.group.name",
            "user.hash",
            "user.id",
            "user.name",
            "user_agent.device.name",
            "user_agent.name",
            "user_agent.original",
            "user_agent.os.family",
            "user_agent.os.full",
            "user_agent.os.kernel",
            "user_agent.os.name",
            "user_agent.os.platform",
            "user_agent.os.version",
            "user_agent.version",
            "agent.hostname",
            "error.type",
            "timeseries.instance",
            "cloud.project.id",
            "cloud.image.id",
            "host.os.build",
            "host.os.codename",
            "kubernetes.pod.name",
            "kubernetes.pod.uid",
            "kubernetes.namespace",
            "kubernetes.node.name",
            "kubernetes.replicaset.name",
            "kubernetes.deployment.name",
            "kubernetes.statefulset.name",
            "kubernetes.container.name",
            "kubernetes.container.image",
            "jolokia.agent.version",
            "jolokia.agent.id",
            "jolokia.server.product",
            "jolokia.server.version",
            "jolokia.server.vendor",
            "jolokia.url",
            "monitor.type",
            "monitor.name",
            "monitor.id",
            "monitor.status",
            "monitor.check_group",
            "http.response.body.hash",
            "fields.*"
          ]
        },
        "refresh_interval": "5s"
      }
    }
  }
}