
Squid demo index for HCP Hortonworks

a guest
May 9th, 2019
  1. PUT squid
  2. {
  3. "template": "squid_index*",
  4. "settings": {},
  5. "mappings": {
  6. "squid_doc": {
  7. "dynamic_templates": [
  8. {
  9. "geo_location_point": {
  10. "match": "enrichments:geo:*:location_point",
  11. "match_mapping_type": "*",
  12. "mapping": {
  13. "type": "geo_point"
  14. }
  15. }
  16. },
  17. {
  18. "geo_country": {
  19. "match": "enrichments:geo:*:country",
  20. "match_mapping_type": "*",
  21. "mapping": {
  22. "type": "keyword"
  23. }
  24. }
  25. },
  26. {
  27. "geo_city": {
  28. "match": "enrichments:geo:*:city",
  29. "match_mapping_type": "*",
  30. "mapping": {
  31. "type": "keyword"
  32. }
  33. }
  34. },
  35. {
  36. "geo_location_id": {
  37. "match": "enrichments:geo:*:locID",
  38. "match_mapping_type": "*",
  39. "mapping": {
  40. "type": "keyword"
  41. }
  42. }
  43. },
  44. {
  45. "geo_dma_code": {
  46. "match": "enrichments:geo:*:dmaCode",
  47. "match_mapping_type": "*",
  48. "mapping": {
  49. "type": "keyword"
  50. }
  51. }
  52. },
  53. {
  54. "geo_postal_code": {
  55. "match": "enrichments:geo:*:postalCode",
  56. "match_mapping_type": "*",
  57. "mapping": {
  58. "type": "keyword"
  59. }
  60. }
  61. },
  62. {
  63. "geo_latitude": {
  64. "match": "enrichments:geo:*:latitude",
  65. "match_mapping_type": "*",
  66. "mapping": {
  67. "type": "float"
  68. }
  69. }
  70. },
  71. {
  72. "geo_longitude": {
  73. "match": "enrichments:geo:*:longitude",
  74. "match_mapping_type": "*",
  75. "mapping": {
  76. "type": "float"
  77. }
  78. }
  79. },
  80. {
  81. "timestamps": {
  82. "match": "*:ts",
  83. "match_mapping_type": "*",
  84. "mapping": {
  85. "type": "date",
  86. "format": "epoch_millis"
  87. }
  88. }
  89. },
  90. {
  91. "threat_triage_score": {
  92. "mapping": {
  93. "type": "float"
  94. },
  95. "match": "threat:triage:*score",
  96. "match_mapping_type": "*"
  97. }
  98. },
  99. {
  100. "threat_triage_reason": {
  101. "mapping": {
  102. "type": "text",
  103. "fielddata": "true"
  104. },
  105. "match": "threat:triage:rules:*:reason",
  106. "match_mapping_type": "*"
  107. }
  108. }
  109. ],
  110. "properties": {
  111. "action": {
  112. "type": "keyword"
  113. },
  114. "bytes": {
  115. "type": "long"
  116. },
  117. "code": {
  118. "type": "long"
  119. },
  120. "domain_without_subdomains": {
  121. "type": "keyword"
  122. },
  123. "elapsed": {
  124. "type": "long"
  125. },
  126. "full_hostname": {
  127. "type": "keyword"
  128. },
  129. "guid": {
  130. "type": "keyword"
  131. },
  132. "ip_dst_addr": {
  133. "type": "ip"
  134. },
  135. "ip_src_addr": {
  136. "type": "ip"
  137. },
  138. "is_alert": {
  139. "type": "keyword"
  140. },
  141. "is_potential_typosquat": {
  142. "type": "boolean"
  143. },
  144. "method": {
  145. "type": "keyword"
  146. },
  147. "original_text": {
  148. "type": "text"
  149. },
  150. "source:type": {
  151. "type": "keyword"
  152. },
  153. "timestamp": {
  154. "type": "date",
  155. "format": "epoch_millis"
  156. },
  157. "url": {
  158. "type": "keyword"
  159. },
  160. "alert": {
  161. "type": "nested"
  162. }
  163. }
  164. }
  165. }
  166. }