
Untitled

a guest
Mar 6th, 2020
  1. {
  2. "index_patterns": [
  3. "winlogbeat-7.5.1-*"
  4. ],
  5. "mappings": {
  6. "_meta": {
  7. "beat": "winlogbeat",
  8. "version": "7.5.1"
  9. },
  10. "date_detection": false,
  11. "dynamic_templates": [
  12. {
  13. "labels": {
  14. "mapping": {
  15. "type": "keyword"
  16. },
  17. "match_mapping_type": "string",
  18. "path_match": "labels.*"
  19. }
  20. },
  21. {
  22. "container.labels": {
  23. "mapping": {
  24. "type": "keyword"
  25. },
  26. "match_mapping_type": "string",
  27. "path_match": "container.labels.*"
  28. }
  29. },
  30. {
  31. "dns.answers": {
  32. "mapping": {
  33. "type": "keyword"
  34. },
  35. "match_mapping_type": "string",
  36. "path_match": "dns.answers.*"
  37. }
  38. },
  39. {
  40. "fields": {
  41. "mapping": {
  42. "type": "keyword"
  43. },
  44. "match_mapping_type": "string",
  45. "path_match": "fields.*"
  46. }
  47. },
  48. {
  49. "docker.container.labels": {
  50. "mapping": {
  51. "type": "keyword"
  52. },
  53. "match_mapping_type": "string",
  54. "path_match": "docker.container.labels.*"
  55. }
  56. },
  57. {
  58. "kubernetes.labels.*": {
  59. "mapping": {
  60. "type": "keyword"
  61. },
  62. "match_mapping_type": "*",
  63. "path_match": "kubernetes.labels.*"
  64. }
  65. },
  66. {
  67. "kubernetes.annotations.*": {
  68. "mapping": {
  69. "type": "keyword"
  70. },
  71. "match_mapping_type": "*",
  72. "path_match": "kubernetes.annotations.*"
  73. }
  74. },
  75. {
  76. "winlog.event_data": {
  77. "mapping": {
  78. "type": "keyword"
  79. },
  80. "match_mapping_type": "string",
  81. "path_match": "winlog.event_data.*"
  82. }
  83. },
  84. {
  85. "winlog.user_data": {
  86. "mapping": {
  87. "type": "keyword"
  88. },
  89. "match_mapping_type": "string",
  90. "path_match": "winlog.user_data.*"
  91. }
  92. },
  93. {
  94. "strings_as_keyword": {
  95. "mapping": {
  96. "ignore_above": 1024,
  97. "type": "keyword"
  98. },
  99. "match_mapping_type": "string"
  100. }
  101. }
  102. ],
  103. "properties": {
  104. "@timestamp": {
  105. "type": "date"
  106. },
  107. "agent": {
  108. "properties": {
  109. "ephemeral_id": {
  110. "ignore_above": 1024,
  111. "type": "keyword"
  112. },
  113. "hostname": {
  114. "ignore_above": 1024,
  115. "type": "keyword"
  116. },
  117. "id": {
  118. "ignore_above": 1024,
  119. "type": "keyword"
  120. },
  121. "name": {
  122. "ignore_above": 1024,
  123. "type": "keyword"
  124. },
  125. "type": {
  126. "ignore_above": 1024,
  127. "type": "keyword"
  128. },
  129. "version": {
  130. "ignore_above": 1024,
  131. "type": "keyword"
  132. }
  133. }
  134. },
  135. "as": {
  136. "properties": {
  137. "number": {
  138. "type": "long"
  139. },
  140. "organization": {
  141. "properties": {
  142. "name": {
  143. "ignore_above": 1024,
  144. "type": "keyword"
  145. }
  146. }
  147. }
  148. }
  149. },
  150. "client": {
  151. "properties": {
  152. "address": {
  153. "ignore_above": 1024,
  154. "type": "keyword"
  155. },
  156. "as": {
  157. "properties": {
  158. "number": {
  159. "type": "long"
  160. },
  161. "organization": {
  162. "properties": {
  163. "name": {
  164. "ignore_above": 1024,
  165. "type": "keyword"
  166. }
  167. }
  168. }
  169. }
  170. },
  171. "bytes": {
  172. "type": "long"
  173. },
  174. "domain": {
  175. "ignore_above": 1024,
  176. "type": "keyword"
  177. },
  178. "geo": {
  179. "properties": {
  180. "city_name": {
  181. "ignore_above": 1024,
  182. "type": "keyword"
  183. },
  184. "continent_name": {
  185. "ignore_above": 1024,
  186. "type": "keyword"
  187. },
  188. "country_iso_code": {
  189. "ignore_above": 1024,
  190. "type": "keyword"
  191. },
  192. "country_name": {
  193. "ignore_above": 1024,
  194. "type": "keyword"
  195. },
  196. "location": {
  197. "type": "geo_point"
  198. },
  199. "name": {
  200. "ignore_above": 1024,
  201. "type": "keyword"
  202. },
  203. "region_iso_code": {
  204. "ignore_above": 1024,
  205. "type": "keyword"
  206. },
  207. "region_name": {
  208. "ignore_above": 1024,
  209. "type": "keyword"
  210. }
  211. }
  212. },
  213. "ip": {
  214. "type": "ip"
  215. },
  216. "mac": {
  217. "ignore_above": 1024,
  218. "type": "keyword"
  219. },
  220. "nat": {
  221. "properties": {
  222. "ip": {
  223. "type": "ip"
  224. },
  225. "port": {
  226. "type": "long"
  227. }
  228. }
  229. },
  230. "packets": {
  231. "type": "long"
  232. },
  233. "port": {
  234. "type": "long"
  235. },
  236. "user": {
  237. "properties": {
  238. "domain": {
  239. "ignore_above": 1024,
  240. "type": "keyword"
  241. },
  242. "email": {
  243. "ignore_above": 1024,
  244. "type": "keyword"
  245. },
  246. "full_name": {
  247. "ignore_above": 1024,
  248. "type": "keyword"
  249. },
  250. "group": {
  251. "properties": {
  252. "id": {
  253. "ignore_above": 1024,
  254. "type": "keyword"
  255. },
  256. "name": {
  257. "ignore_above": 1024,
  258. "type": "keyword"
  259. }
  260. }
  261. },
  262. "hash": {
  263. "ignore_above": 1024,
  264. "type": "keyword"
  265. },
  266. "id": {
  267. "ignore_above": 1024,
  268. "type": "keyword"
  269. },
  270. "name": {
  271. "ignore_above": 1024,
  272. "type": "keyword"
  273. }
  274. }
  275. }
  276. }
  277. },
  278. "cloud": {
  279. "properties": {
  280. "account": {
  281. "properties": {
  282. "id": {
  283. "ignore_above": 1024,
  284. "type": "keyword"
  285. }
  286. }
  287. },
  288. "availability_zone": {
  289. "ignore_above": 1024,
  290. "type": "keyword"
  291. },
  292. "image": {
  293. "properties": {
  294. "id": {
  295. "ignore_above": 1024,
  296. "type": "keyword"
  297. }
  298. }
  299. },
  300. "instance": {
  301. "properties": {
  302. "id": {
  303. "ignore_above": 1024,
  304. "type": "keyword"
  305. },
  306. "name": {
  307. "ignore_above": 1024,
  308. "type": "keyword"
  309. }
  310. }
  311. },
  312. "machine": {
  313. "properties": {
  314. "type": {
  315. "ignore_above": 1024,
  316. "type": "keyword"
  317. }
  318. }
  319. },
  320. "project": {
  321. "properties": {
  322. "id": {
  323. "ignore_above": 1024,
  324. "type": "keyword"
  325. }
  326. }
  327. },
  328. "provider": {
  329. "ignore_above": 1024,
  330. "type": "keyword"
  331. },
  332. "region": {
  333. "ignore_above": 1024,
  334. "type": "keyword"
  335. }
  336. }
  337. },
  338. "container": {
  339. "properties": {
  340. "id": {
  341. "ignore_above": 1024,
  342. "type": "keyword"
  343. },
  344. "image": {
  345. "properties": {
  346. "name": {
  347. "ignore_above": 1024,
  348. "type": "keyword"
  349. },
  350. "tag": {
  351. "ignore_above": 1024,
  352. "type": "keyword"
  353. }
  354. }
  355. },
  356. "labels": {
  357. "type": "object"
  358. },
  359. "name": {
  360. "ignore_above": 1024,
  361. "type": "keyword"
  362. },
  363. "runtime": {
  364. "ignore_above": 1024,
  365. "type": "keyword"
  366. }
  367. }
  368. },
  369. "destination": {
  370. "properties": {
  371. "address": {
  372. "ignore_above": 1024,
  373. "type": "keyword"
  374. },
  375. "as": {
  376. "properties": {
  377. "number": {
  378. "type": "long"
  379. },
  380. "organization": {
  381. "properties": {
  382. "name": {
  383. "ignore_above": 1024,
  384. "type": "keyword"
  385. }
  386. }
  387. }
  388. }
  389. },
  390. "bytes": {
  391. "type": "long"
  392. },
  393. "domain": {
  394. "ignore_above": 1024,
  395. "type": "keyword"
  396. },
  397. "geo": {
  398. "properties": {
  399. "city_name": {
  400. "ignore_above": 1024,
  401. "type": "keyword"
  402. },
  403. "continent_name": {
  404. "ignore_above": 1024,
  405. "type": "keyword"
  406. },
  407. "country_iso_code": {
  408. "ignore_above": 1024,
  409. "type": "keyword"
  410. },
  411. "country_name": {
  412. "ignore_above": 1024,
  413. "type": "keyword"
  414. },
  415. "location": {
  416. "type": "geo_point"
  417. },
  418. "name": {
  419. "ignore_above": 1024,
  420. "type": "keyword"
  421. },
  422. "region_iso_code": {
  423. "ignore_above": 1024,
  424. "type": "keyword"
  425. },
  426. "region_name": {
  427. "ignore_above": 1024,
  428. "type": "keyword"
  429. }
  430. }
  431. },
  432. "ip": {
  433. "type": "ip"
  434. },
  435. "mac": {
  436. "ignore_above": 1024,
  437. "type": "keyword"
  438. },
  439. "nat": {
  440. "properties": {
  441. "ip": {
  442. "type": "ip"
  443. },
  444. "port": {
  445. "type": "long"
  446. }
  447. }
  448. },
  449. "packets": {
  450. "type": "long"
  451. },
  452. "port": {
  453. "type": "long"
  454. },
  455. "user": {
  456. "properties": {
  457. "domain": {
  458. "ignore_above": 1024,
  459. "type": "keyword"
  460. },
  461. "email": {
  462. "ignore_above": 1024,
  463. "type": "keyword"
  464. },
  465. "full_name": {
  466. "ignore_above": 1024,
  467. "type": "keyword"
  468. },
  469. "group": {
  470. "properties": {
  471. "id": {
  472. "ignore_above": 1024,
  473. "type": "keyword"
  474. },
  475. "name": {
  476. "ignore_above": 1024,
  477. "type": "keyword"
  478. }
  479. }
  480. },
  481. "hash": {
  482. "ignore_above": 1024,
  483. "type": "keyword"
  484. },
  485. "id": {
  486. "ignore_above": 1024,
  487. "type": "keyword"
  488. },
  489. "name": {
  490. "ignore_above": 1024,
  491. "type": "keyword"
  492. }
  493. }
  494. }
  495. }
  496. },
  497. "dns": {
  498. "properties": {
  499. "answers": {
  500. "properties": {
  501. "class": {
  502. "ignore_above": 1024,
  503. "type": "keyword"
  504. },
  505. "data": {
  506. "ignore_above": 1024,
  507. "type": "keyword"
  508. },
  509. "name": {
  510. "ignore_above": 1024,
  511. "type": "keyword"
  512. },
  513. "ttl": {
  514. "type": "long"
  515. },
  516. "type": {
  517. "ignore_above": 1024,
  518. "type": "keyword"
  519. }
  520. },
  521. "type": "object"
  522. },
  523. "header_flags": {
  524. "ignore_above": 1024,
  525. "type": "keyword"
  526. },
  527. "id": {
  528. "ignore_above": 1024,
  529. "type": "keyword"
  530. },
  531. "op_code": {
  532. "ignore_above": 1024,
  533. "type": "keyword"
  534. },
  535. "question": {
  536. "properties": {
  537. "class": {
  538. "ignore_above": 1024,
  539. "type": "keyword"
  540. },
  541. "name": {
  542. "ignore_above": 1024,
  543. "type": "keyword"
  544. },
  545. "registered_domain": {
  546. "ignore_above": 1024,
  547. "type": "keyword"
  548. },
  549. "type": {
  550. "ignore_above": 1024,
  551. "type": "keyword"
  552. }
  553. }
  554. },
  555. "resolved_ip": {
  556. "type": "ip"
  557. },
  558. "response_code": {
  559. "ignore_above": 1024,
  560. "type": "keyword"
  561. },
  562. "type": {
  563. "ignore_above": 1024,
  564. "type": "keyword"
  565. }
  566. }
  567. },
  568. "docker": {
  569. "properties": {
  570. "container": {
  571. "properties": {
  572. "labels": {
  573. "type": "object"
  574. }
  575. }
  576. }
  577. }
  578. },
  579. "ecs": {
  580. "properties": {
  581. "version": {
  582. "ignore_above": 1024,
  583. "type": "keyword"
  584. }
  585. }
  586. },
  587. "error": {
  588. "properties": {
  589. "code": {
  590. "ignore_above": 1024,
  591. "type": "keyword"
  592. },
  593. "id": {
  594. "ignore_above": 1024,
  595. "type": "keyword"
  596. },
  597. "message": {
  598. "norms": false,
  599. "type": "text"
  600. },
  601. "type": {
  602. "ignore_above": 1024,
  603. "type": "keyword"
  604. }
  605. }
  606. },
  607. "event": {
  608. "properties": {
  609. "action": {
  610. "ignore_above": 1024,
  611. "type": "keyword"
  612. },
  613. "category": {
  614. "ignore_above": 1024,
  615. "type": "keyword"
  616. },
  617. "code": {
  618. "ignore_above": 1024,
  619. "type": "keyword"
  620. },
  621. "created": {
  622. "type": "date"
  623. },
  624. "dataset": {
  625. "ignore_above": 1024,
  626. "type": "keyword"
  627. },
  628. "duration": {
  629. "type": "long"
  630. },
  631. "end": {
  632. "type": "date"
  633. },
  634. "hash": {
  635. "ignore_above": 1024,
  636. "type": "keyword"
  637. },
  638. "id": {
  639. "ignore_above": 1024,
  640. "type": "keyword"
  641. },
  642. "kind": {
  643. "ignore_above": 1024,
  644. "type": "keyword"
  645. },
  646. "module": {
  647. "ignore_above": 1024,
  648. "type": "keyword"
  649. },
  650. "original": {
  651. "ignore_above": 1024,
  652. "type": "keyword"
  653. },
  654. "outcome": {
  655. "ignore_above": 1024,
  656. "type": "keyword"
  657. },
  658. "provider": {
  659. "ignore_above": 1024,
  660. "type": "keyword"
  661. },
  662. "risk_score": {
  663. "type": "float"
  664. },
  665. "risk_score_norm": {
  666. "type": "float"
  667. },
  668. "sequence": {
  669. "type": "long"
  670. },
  671. "severity": {
  672. "type": "long"
  673. },
  674. "start": {
  675. "type": "date"
  676. },
  677. "timezone": {
  678. "ignore_above": 1024,
  679. "type": "keyword"
  680. },
  681. "type": {
  682. "ignore_above": 1024,
  683. "type": "keyword"
  684. }
  685. }
  686. },
  687. "fields": {
  688. "type": "object"
  689. },
  690. "file": {
  691. "properties": {
  692. "accessed": {
  693. "type": "date"
  694. },
  695. "created": {
  696. "type": "date"
  697. },
  698. "ctime": {
  699. "type": "date"
  700. },
  701. "device": {
  702. "ignore_above": 1024,
  703. "type": "keyword"
  704. },
  705. "directory": {
  706. "ignore_above": 1024,
  707. "type": "keyword"
  708. },
  709. "extension": {
  710. "ignore_above": 1024,
  711. "type": "keyword"
  712. },
  713. "gid": {
  714. "ignore_above": 1024,
  715. "type": "keyword"
  716. },
  717. "group": {
  718. "ignore_above": 1024,
  719. "type": "keyword"
  720. },
  721. "hash": {
  722. "properties": {
  723. "md5": {
  724. "ignore_above": 1024,
  725. "type": "keyword"
  726. },
  727. "sha1": {
  728. "ignore_above": 1024,
  729. "type": "keyword"
  730. },
  731. "sha256": {
  732. "ignore_above": 1024,
  733. "type": "keyword"
  734. },
  735. "sha512": {
  736. "ignore_above": 1024,
  737. "type": "keyword"
  738. }
  739. }
  740. },
  741. "inode": {
  742. "ignore_above": 1024,
  743. "type": "keyword"
  744. },
  745. "mode": {
  746. "ignore_above": 1024,
  747. "type": "keyword"
  748. },
  749. "mtime": {
  750. "type": "date"
  751. },
  752. "name": {
  753. "ignore_above": 1024,
  754. "type": "keyword"
  755. },
  756. "owner": {
  757. "ignore_above": 1024,
  758. "type": "keyword"
  759. },
  760. "path": {
  761. "ignore_above": 1024,
  762. "type": "keyword"
  763. },
  764. "size": {
  765. "type": "long"
  766. },
  767. "target_path": {
  768. "ignore_above": 1024,
  769. "type": "keyword"
  770. },
  771. "type": {
  772. "ignore_above": 1024,
  773. "type": "keyword"
  774. },
  775. "uid": {
  776. "ignore_above": 1024,
  777. "type": "keyword"
  778. }
  779. }
  780. },
  781. "geo": {
  782. "properties": {
  783. "city_name": {
  784. "ignore_above": 1024,
  785. "type": "keyword"
  786. },
  787. "continent_name": {
  788. "ignore_above": 1024,
  789. "type": "keyword"
  790. },
  791. "country_iso_code": {
  792. "ignore_above": 1024,
  793. "type": "keyword"
  794. },
  795. "country_name": {
  796. "ignore_above": 1024,
  797. "type": "keyword"
  798. },
  799. "location": {
  800. "type": "geo_point"
  801. },
  802. "name": {
  803. "ignore_above": 1024,
  804. "type": "keyword"
  805. },
  806. "region_iso_code": {
  807. "ignore_above": 1024,
  808. "type": "keyword"
  809. },
  810. "region_name": {
  811. "ignore_above": 1024,
  812. "type": "keyword"
  813. }
  814. }
  815. },
  816. "group": {
  817. "properties": {
  818. "id": {
  819. "ignore_above": 1024,
  820. "type": "keyword"
  821. },
  822. "name": {
  823. "ignore_above": 1024,
  824. "type": "keyword"
  825. }
  826. }
  827. },
  828. "hash": {
  829. "properties": {
  830. "md5": {
  831. "ignore_above": 1024,
  832. "type": "keyword"
  833. },
  834. "sha1": {
  835. "ignore_above": 1024,
  836. "type": "keyword"
  837. },
  838. "sha256": {
  839. "ignore_above": 1024,
  840. "type": "keyword"
  841. },
  842. "sha512": {
  843. "ignore_above": 1024,
  844. "type": "keyword"
  845. }
  846. }
  847. },
  848. "host": {
  849. "properties": {
  850. "architecture": {
  851. "ignore_above": 1024,
  852. "type": "keyword"
  853. },
  854. "containerized": {
  855. "type": "boolean"
  856. },
  857. "geo": {
  858. "properties": {
  859. "city_name": {
  860. "ignore_above": 1024,
  861. "type": "keyword"
  862. },
  863. "continent_name": {
  864. "ignore_above": 1024,
  865. "type": "keyword"
  866. },
  867. "country_iso_code": {
  868. "ignore_above": 1024,
  869. "type": "keyword"
  870. },
  871. "country_name": {
  872. "ignore_above": 1024,
  873. "type": "keyword"
  874. },
  875. "location": {
  876. "type": "geo_point"
  877. },
  878. "name": {
  879. "ignore_above": 1024,
  880. "type": "keyword"
  881. },
  882. "region_iso_code": {
  883. "ignore_above": 1024,
  884. "type": "keyword"
  885. },
  886. "region_name": {
  887. "ignore_above": 1024,
  888. "type": "keyword"
  889. }
  890. }
  891. },
  892. "hostname": {
  893. "ignore_above": 1024,
  894. "type": "keyword"
  895. },
  896. "id": {
  897. "ignore_above": 1024,
  898. "type": "keyword"
  899. },
  900. "ip": {
  901. "type": "ip"
  902. },
  903. "mac": {
  904. "ignore_above": 1024,
  905. "type": "keyword"
  906. },
  907. "name": {
  908. "ignore_above": 1024,
  909. "type": "keyword"
  910. },
  911. "os": {
  912. "properties": {
  913. "build": {
  914. "ignore_above": 1024,
  915. "type": "keyword"
  916. },
  917. "codename": {
  918. "ignore_above": 1024,
  919. "type": "keyword"
  920. },
  921. "family": {
  922. "ignore_above": 1024,
  923. "type": "keyword"
  924. },
  925. "full": {
  926. "ignore_above": 1024,
  927. "type": "keyword"
  928. },
  929. "kernel": {
  930. "ignore_above": 1024,
  931. "type": "keyword"
  932. },
  933. "name": {
  934. "ignore_above": 1024,
  935. "type": "keyword"
  936. },
  937. "platform": {
  938. "ignore_above": 1024,
  939. "type": "keyword"
  940. },
  941. "version": {
  942. "ignore_above": 1024,
  943. "type": "keyword"
  944. }
  945. }
  946. },
  947. "type": {
  948. "ignore_above": 1024,
  949. "type": "keyword"
  950. },
  951. "uptime": {
  952. "type": "long"
  953. },
  954. "user": {
  955. "properties": {
  956. "domain": {
  957. "ignore_above": 1024,
  958. "type": "keyword"
  959. },
  960. "email": {
  961. "ignore_above": 1024,
  962. "type": "keyword"
  963. },
  964. "full_name": {
  965. "ignore_above": 1024,
  966. "type": "keyword"
  967. },
  968. "group": {
  969. "properties": {
  970. "id": {
  971. "ignore_above": 1024,
  972. "type": "keyword"
  973. },
  974. "name": {
  975. "ignore_above": 1024,
  976. "type": "keyword"
  977. }
  978. }
  979. },
  980. "hash": {
  981. "ignore_above": 1024,
  982. "type": "keyword"
  983. },
  984. "id": {
  985. "ignore_above": 1024,
  986. "type": "keyword"
  987. },
  988. "name": {
  989. "ignore_above": 1024,
  990. "type": "keyword"
  991. }
  992. }
  993. }
  994. }
  995. },
  996. "http": {
  997. "properties": {
  998. "request": {
  999. "properties": {
  1000. "body": {
  1001. "properties": {
  1002. "bytes": {
  1003. "type": "long"
  1004. },
  1005. "content": {
  1006. "ignore_above": 1024,
  1007. "type": "keyword"
  1008. }
  1009. }
  1010. },
  1011. "bytes": {
  1012. "type": "long"
  1013. },
  1014. "method": {
  1015. "ignore_above": 1024,
  1016. "type": "keyword"
  1017. },
  1018. "referrer": {
  1019. "ignore_above": 1024,
  1020. "type": "keyword"
  1021. }
  1022. }
  1023. },
  1024. "response": {
  1025. "properties": {
  1026. "body": {
  1027. "properties": {
  1028. "bytes": {
  1029. "type": "long"
  1030. },
  1031. "content": {
  1032. "ignore_above": 1024,
  1033. "type": "keyword"
  1034. }
  1035. }
  1036. },
  1037. "bytes": {
  1038. "type": "long"
  1039. },
  1040. "status_code": {
  1041. "type": "long"
  1042. }
  1043. }
  1044. },
  1045. "version": {
  1046. "ignore_above": 1024,
  1047. "type": "keyword"
  1048. }
  1049. }
  1050. },
  1051. "jolokia": {
  1052. "properties": {
  1053. "agent": {
  1054. "properties": {
  1055. "id": {
  1056. "ignore_above": 1024,
  1057. "type": "keyword"
  1058. },
  1059. "version": {
  1060. "ignore_above": 1024,
  1061. "type": "keyword"
  1062. }
  1063. }
  1064. },
  1065. "secured": {
  1066. "type": "boolean"
  1067. },
  1068. "server": {
  1069. "properties": {
  1070. "product": {
  1071. "ignore_above": 1024,
  1072. "type": "keyword"
  1073. },
  1074. "vendor": {
  1075. "ignore_above": 1024,
  1076. "type": "keyword"
  1077. },
  1078. "version": {
  1079. "ignore_above": 1024,
  1080. "type": "keyword"
  1081. }
  1082. }
  1083. },
  1084. "url": {
  1085. "ignore_above": 1024,
  1086. "type": "keyword"
  1087. }
  1088. }
  1089. },
  1090. "kubernetes": {
  1091. "properties": {
  1092. "annotations": {
  1093. "properties": {
  1094. "*": {
  1095. "type": "object"
  1096. }
  1097. }
  1098. },
  1099. "container": {
  1100. "properties": {
  1101. "image": {
  1102. "ignore_above": 1024,
  1103. "type": "keyword"
  1104. },
  1105. "name": {
  1106. "ignore_above": 1024,
  1107. "type": "keyword"
  1108. }
  1109. }
  1110. },
  1111. "deployment": {
  1112. "properties": {
  1113. "name": {
  1114. "ignore_above": 1024,
  1115. "type": "keyword"
  1116. }
  1117. }
  1118. },
  1119. "labels": {
  1120. "properties": {
  1121. "*": {
  1122. "type": "object"
  1123. }
  1124. }
  1125. },
  1126. "namespace": {
  1127. "ignore_above": 1024,
  1128. "type": "keyword"
  1129. },
  1130. "node": {
  1131. "properties": {
  1132. "name": {
  1133. "ignore_above": 1024,
  1134. "type": "keyword"
  1135. }
  1136. }
  1137. },
  1138. "pod": {
  1139. "properties": {
  1140. "name": {
  1141. "ignore_above": 1024,
  1142. "type": "keyword"
  1143. },
  1144. "uid": {
  1145. "ignore_above": 1024,
  1146. "type": "keyword"
  1147. }
  1148. }
  1149. },
  1150. "replicaset": {
  1151. "properties": {
  1152. "name": {
  1153. "ignore_above": 1024,
  1154. "type": "keyword"
  1155. }
  1156. }
  1157. },
  1158. "statefulset": {
  1159. "properties": {
  1160. "name": {
  1161. "ignore_above": 1024,
  1162. "type": "keyword"
  1163. }
  1164. }
  1165. }
  1166. }
  1167. },
  1168. "labels": {
  1169. "type": "object"
  1170. },
  1171. "log": {
  1172. "properties": {
  1173. "file": {
  1174. "properties": {
  1175. "path": {
  1176. "ignore_above": 1024,
  1177. "type": "keyword"
  1178. }
  1179. }
  1180. },
  1181. "level": {
  1182. "ignore_above": 1024,
  1183. "type": "keyword"
  1184. },
  1185. "logger": {
  1186. "ignore_above": 1024,
  1187. "type": "keyword"
  1188. },
  1189. "original": {
  1190. "ignore_above": 1024,
  1191. "type": "keyword"
  1192. }
  1193. }
  1194. },
  1195. "message": {
  1196. "norms": false,
  1197. "type": "text"
  1198. },
  1199. "network": {
  1200. "properties": {
  1201. "application": {
  1202. "ignore_above": 1024,
  1203. "type": "keyword"
  1204. },
  1205. "bytes": {
  1206. "type": "long"
  1207. },
  1208. "community_id": {
  1209. "ignore_above": 1024,
  1210. "type": "keyword"
  1211. },
  1212. "direction": {
  1213. "ignore_above": 1024,
  1214. "type": "keyword"
  1215. },
  1216. "forwarded_ip": {
  1217. "type": "ip"
  1218. },
  1219. "iana_number": {
  1220. "ignore_above": 1024,
  1221. "type": "keyword"
  1222. },
  1223. "name": {
  1224. "ignore_above": 1024,
  1225. "type": "keyword"
  1226. },
  1227. "packets": {
  1228. "type": "long"
  1229. },
  1230. "protocol": {
  1231. "ignore_above": 1024,
  1232. "type": "keyword"
  1233. },
  1234. "transport": {
  1235. "ignore_above": 1024,
  1236. "type": "keyword"
  1237. },
  1238. "type": {
  1239. "ignore_above": 1024,
  1240. "type": "keyword"
  1241. }
  1242. }
  1243. },
  1244. "observer": {
  1245. "properties": {
  1246. "geo": {
  1247. "properties": {
  1248. "city_name": {
  1249. "ignore_above": 1024,
  1250. "type": "keyword"
  1251. },
  1252. "continent_name": {
  1253. "ignore_above": 1024,
  1254. "type": "keyword"
  1255. },
  1256. "country_iso_code": {
  1257. "ignore_above": 1024,
  1258. "type": "keyword"
  1259. },
  1260. "country_name": {
  1261. "ignore_above": 1024,
  1262. "type": "keyword"
  1263. },
  1264. "location": {
  1265. "type": "geo_point"
  1266. },
  1267. "name": {
  1268. "ignore_above": 1024,
  1269. "type": "keyword"
  1270. },
  1271. "region_iso_code": {
  1272. "ignore_above": 1024,
  1273. "type": "keyword"
  1274. },
  1275. "region_name": {
  1276. "ignore_above": 1024,
  1277. "type": "keyword"
  1278. }
  1279. }
  1280. },
  1281. "hostname": {
  1282. "ignore_above": 1024,
  1283. "type": "keyword"
  1284. },
  1285. "ip": {
  1286. "type": "ip"
  1287. },
  1288. "mac": {
  1289. "ignore_above": 1024,
  1290. "type": "keyword"
  1291. },
  1292. "os": {
  1293. "properties": {
  1294. "family": {
  1295. "ignore_above": 1024,
  1296. "type": "keyword"
  1297. },
  1298. "full": {
  1299. "ignore_above": 1024,
  1300. "type": "keyword"
  1301. },
  1302. "kernel": {
  1303. "ignore_above": 1024,
  1304. "type": "keyword"
  1305. },
  1306. "name": {
  1307. "ignore_above": 1024,
  1308. "type": "keyword"
  1309. },
  1310. "platform": {
  1311. "ignore_above": 1024,
  1312. "type": "keyword"
  1313. },
  1314. "version": {
  1315. "ignore_above": 1024,
  1316. "type": "keyword"
  1317. }
  1318. }
  1319. },
  1320. "serial_number": {
  1321. "ignore_above": 1024,
  1322. "type": "keyword"
  1323. },
  1324. "type": {
  1325. "ignore_above": 1024,
  1326. "type": "keyword"
  1327. },
  1328. "vendor": {
  1329. "ignore_above": 1024,
  1330. "type": "keyword"
  1331. },
  1332. "version": {
  1333. "ignore_above": 1024,
  1334. "type": "keyword"
  1335. }
  1336. }
  1337. },
  1338. "organization": {
  1339. "properties": {
  1340. "id": {
  1341. "ignore_above": 1024,
  1342. "type": "keyword"
  1343. },
  1344. "name": {
  1345. "ignore_above": 1024,
  1346. "type": "keyword"
  1347. }
  1348. }
  1349. },
  1350. "os": {
  1351. "properties": {
  1352. "family": {
  1353. "ignore_above": 1024,
  1354. "type": "keyword"
  1355. },
  1356. "full": {
  1357. "ignore_above": 1024,
  1358. "type": "keyword"
  1359. },
  1360. "kernel": {
  1361. "ignore_above": 1024,
  1362. "type": "keyword"
  1363. },
  1364. "name": {
  1365. "ignore_above": 1024,
  1366. "type": "keyword"
  1367. },
  1368. "platform": {
  1369. "ignore_above": 1024,
  1370. "type": "keyword"
  1371. },
  1372. "version": {
  1373. "ignore_above": 1024,
  1374. "type": "keyword"
  1375. }
  1376. }
  1377. },
  1378. "process": {
  1379. "properties": {
  1380. "args": {
  1381. "ignore_above": 1024,
  1382. "type": "keyword"
  1383. },
  1384. "executable": {
  1385. "ignore_above": 1024,
  1386. "type": "keyword"
  1387. },
  1388. "hash": {
  1389. "properties": {
  1390. "md5": {
  1391. "ignore_above": 1024,
  1392. "type": "keyword"
  1393. },
  1394. "sha1": {
  1395. "ignore_above": 1024,
  1396. "type": "keyword"
  1397. },
  1398. "sha256": {
  1399. "ignore_above": 1024,
  1400. "type": "keyword"
  1401. },
  1402. "sha512": {
  1403. "ignore_above": 1024,
  1404. "type": "keyword"
  1405. }
  1406. }
  1407. },
  1408. "name": {
  1409. "ignore_above": 1024,
  1410. "type": "keyword"
  1411. },
  1412. "pgid": {
  1413. "type": "long"
  1414. },
  1415. "pid": {
  1416. "type": "long"
  1417. },
  1418. "ppid": {
  1419. "type": "long"
  1420. },
  1421. "start": {
  1422. "type": "date"
  1423. },
  1424. "thread": {
  1425. "properties": {
  1426. "id": {
  1427. "type": "long"
  1428. },
  1429. "name": {
  1430. "ignore_above": 1024,
  1431. "type": "keyword"
  1432. }
  1433. }
  1434. },
  1435. "title": {
  1436. "ignore_above": 1024,
  1437. "type": "keyword"
  1438. },
  1439. "uptime": {
  1440. "type": "long"
  1441. },
  1442. "working_directory": {
  1443. "ignore_above": 1024,
  1444. "type": "keyword"
  1445. }
  1446. }
  1447. },
  1448. "related": {
  1449. "properties": {
  1450. "ip": {
  1451. "type": "ip"
  1452. }
  1453. }
  1454. },
  1455. "server": {
  1456. "properties": {
  1457. "address": {
  1458. "ignore_above": 1024,
  1459. "type": "keyword"
  1460. },
  1461. "as": {
  1462. "properties": {
  1463. "number": {
  1464. "type": "long"
  1465. },
  1466. "organization": {
  1467. "properties": {
  1468. "name": {
  1469. "ignore_above": 1024,
  1470. "type": "keyword"
  1471. }
  1472. }
  1473. }
  1474. }
  1475. },
  1476. "bytes": {
  1477. "type": "long"
  1478. },
  1479. "domain": {
  1480. "ignore_above": 1024,
  1481. "type": "keyword"
  1482. },
  1483. "geo": {
  1484. "properties": {
  1485. "city_name": {
  1486. "ignore_above": 1024,
  1487. "type": "keyword"
  1488. },
  1489. "continent_name": {
  1490. "ignore_above": 1024,
  1491. "type": "keyword"
  1492. },
  1493. "country_iso_code": {
  1494. "ignore_above": 1024,
  1495. "type": "keyword"
  1496. },
  1497. "country_name": {
  1498. "ignore_above": 1024,
  1499. "type": "keyword"
  1500. },
  1501. "location": {
  1502. "type": "geo_point"
  1503. },
  1504. "name": {
  1505. "ignore_above": 1024,
  1506. "type": "keyword"
  1507. },
  1508. "region_iso_code": {
  1509. "ignore_above": 1024,
  1510. "type": "keyword"
  1511. },
  1512. "region_name": {
  1513. "ignore_above": 1024,
  1514. "type": "keyword"
  1515. }
  1516. }
  1517. },
  1518. "ip": {
  1519. "type": "ip"
  1520. },
  1521. "mac": {
  1522. "ignore_above": 1024,
  1523. "type": "keyword"
  1524. },
  1525. "nat": {
  1526. "properties": {
  1527. "ip": {
  1528. "type": "ip"
  1529. },
  1530. "port": {
  1531. "type": "long"
  1532. }
  1533. }
  1534. },
  1535. "packets": {
  1536. "type": "long"
  1537. },
  1538. "port": {
  1539. "type": "long"
  1540. },
  1541. "user": {
  1542. "properties": {
  1543. "domain": {
  1544. "ignore_above": 1024,
  1545. "type": "keyword"
  1546. },
  1547. "email": {
  1548. "ignore_above": 1024,
  1549. "type": "keyword"
  1550. },
  1551. "full_name": {
  1552. "ignore_above": 1024,
  1553. "type": "keyword"
  1554. },
  1555. "group": {
  1556. "properties": {
  1557. "id": {
  1558. "ignore_above": 1024,
  1559. "type": "keyword"
  1560. },
  1561. "name": {
  1562. "ignore_above": 1024,
  1563. "type": "keyword"
  1564. }
  1565. }
  1566. },
  1567. "hash": {
  1568. "ignore_above": 1024,
  1569. "type": "keyword"
  1570. },
  1571. "id": {
  1572. "ignore_above": 1024,
  1573. "type": "keyword"
  1574. },
  1575. "name": {
  1576. "ignore_above": 1024,
  1577. "type": "keyword"
  1578. }
  1579. }
  1580. }
  1581. }
  1582. },
  1583. "service": {
  1584. "properties": {
  1585. "ephemeral_id": {
  1586. "ignore_above": 1024,
  1587. "type": "keyword"
  1588. },
  1589. "id": {
  1590. "ignore_above": 1024,
  1591. "type": "keyword"
  1592. },
  1593. "name": {
  1594. "ignore_above": 1024,
  1595. "type": "keyword"
  1596. },
  1597. "state": {
  1598. "ignore_above": 1024,
  1599. "type": "keyword"
  1600. },
  1601. "type": {
  1602. "ignore_above": 1024,
  1603. "type": "keyword"
  1604. },
  1605. "version": {
  1606. "ignore_above": 1024,
  1607. "type": "keyword"
  1608. }
  1609. }
  1610. },
  1611. "source": {
  1612. "properties": {
  1613. "address": {
  1614. "ignore_above": 1024,
  1615. "type": "keyword"
  1616. },
  1617. "as": {
  1618. "properties": {
  1619. "number": {
  1620. "type": "long"
  1621. },
  1622. "organization": {
  1623. "properties": {
  1624. "name": {
  1625. "ignore_above": 1024,
  1626. "type": "keyword"
  1627. }
  1628. }
  1629. }
  1630. }
  1631. },
  1632. "bytes": {
  1633. "type": "long"
  1634. },
  1635. "domain": {
  1636. "ignore_above": 1024,
  1637. "type": "keyword"
  1638. },
  1639. "geo": {
  1640. "properties": {
  1641. "city_name": {
  1642. "ignore_above": 1024,
  1643. "type": "keyword"
  1644. },
  1645. "continent_name": {
  1646. "ignore_above": 1024,
  1647. "type": "keyword"
  1648. },
  1649. "country_iso_code": {
  1650. "ignore_above": 1024,
  1651. "type": "keyword"
  1652. },
  1653. "country_name": {
  1654. "ignore_above": 1024,
  1655. "type": "keyword"
  1656. },
  1657. "location": {
  1658. "type": "geo_point"
  1659. },
  1660. "name": {
  1661. "ignore_above": 1024,
  1662. "type": "keyword"
  1663. },
  1664. "region_iso_code": {
  1665. "ignore_above": 1024,
  1666. "type": "keyword"
  1667. },
  1668. "region_name": {
  1669. "ignore_above": 1024,
  1670. "type": "keyword"
  1671. }
  1672. }
  1673. },
  1674. "ip": {
  1675. "type": "ip"
  1676. },
  1677. "mac": {
  1678. "ignore_above": 1024,
  1679. "type": "keyword"
  1680. },
  1681. "nat": {
  1682. "properties": {
  1683. "ip": {
  1684. "type": "ip"
  1685. },
  1686. "port": {
  1687. "type": "long"
  1688. }
  1689. }
  1690. },
  1691. "packets": {
  1692. "type": "long"
  1693. },
  1694. "port": {
  1695. "type": "long"
  1696. },
  1697. "user": {
  1698. "properties": {
  1699. "domain": {
  1700. "ignore_above": 1024,
  1701. "type": "keyword"
  1702. },
  1703. "email": {
  1704. "ignore_above": 1024,
  1705. "type": "keyword"
  1706. },
  1707. "full_name": {
  1708. "ignore_above": 1024,
  1709. "type": "keyword"
  1710. },
  1711. "group": {
  1712. "properties": {
  1713. "id": {
  1714. "ignore_above": 1024,
  1715. "type": "keyword"
  1716. },
  1717. "name": {
  1718. "ignore_above": 1024,
  1719. "type": "keyword"
  1720. }
  1721. }
  1722. },
  1723. "hash": {
  1724. "ignore_above": 1024,
  1725. "type": "keyword"
  1726. },
  1727. "id": {
  1728. "ignore_above": 1024,
  1729. "type": "keyword"
  1730. },
  1731. "name": {
  1732. "ignore_above": 1024,
  1733. "type": "keyword"
  1734. }
  1735. }
  1736. }
  1737. }
  1738. },
  1739. "tags": {
  1740. "ignore_above": 1024,
  1741. "type": "keyword"
  1742. },
  1743. "timeseries": {
  1744. "properties": {
  1745. "instance": {
  1746. "ignore_above": 1024,
  1747. "type": "keyword"
  1748. }
  1749. }
  1750. },
  1751. "tracing": {
  1752. "properties": {
  1753. "trace": {
  1754. "properties": {
  1755. "id": {
  1756. "ignore_above": 1024,
  1757. "type": "keyword"
  1758. }
  1759. }
  1760. },
  1761. "transaction": {
  1762. "properties": {
  1763. "id": {
  1764. "ignore_above": 1024,
  1765. "type": "keyword"
  1766. }
  1767. }
  1768. }
  1769. }
  1770. },
  1771. "url": {
  1772. "properties": {
  1773. "domain": {
  1774. "ignore_above": 1024,
  1775. "type": "keyword"
  1776. },
  1777. "fragment": {
  1778. "ignore_above": 1024,
  1779. "type": "keyword"
  1780. },
  1781. "full": {
  1782. "ignore_above": 1024,
  1783. "type": "keyword"
  1784. },
  1785. "original": {
  1786. "ignore_above": 1024,
  1787. "type": "keyword"
  1788. },
  1789. "password": {
  1790. "ignore_above": 1024,
  1791. "type": "keyword"
  1792. },
  1793. "path": {
  1794. "ignore_above": 1024,
  1795. "type": "keyword"
  1796. },
  1797. "port": {
  1798. "type": "long"
  1799. },
  1800. "query": {
  1801. "ignore_above": 1024,
  1802. "type": "keyword"
  1803. },
  1804. "scheme": {
  1805. "ignore_above": 1024,
  1806. "type": "keyword"
  1807. },
  1808. "username": {
  1809. "ignore_above": 1024,
  1810. "type": "keyword"
  1811. }
  1812. }
  1813. },
  1814. "user": {
  1815. "properties": {
  1816. "domain": {
  1817. "ignore_above": 1024,
  1818. "type": "keyword"
  1819. },
  1820. "email": {
  1821. "ignore_above": 1024,
  1822. "type": "keyword"
  1823. },
  1824. "full_name": {
  1825. "ignore_above": 1024,
  1826. "type": "keyword"
  1827. },
  1828. "group": {
  1829. "properties": {
  1830. "id": {
  1831. "ignore_above": 1024,
  1832. "type": "keyword"
  1833. },
  1834. "name": {
  1835. "ignore_above": 1024,
  1836. "type": "keyword"
  1837. }
  1838. }
  1839. },
  1840. "hash": {
  1841. "ignore_above": 1024,
  1842. "type": "keyword"
  1843. },
  1844. "id": {
  1845. "ignore_above": 1024,
  1846. "type": "keyword"
  1847. },
  1848. "name": {
  1849. "ignore_above": 1024,
  1850. "type": "keyword"
  1851. }
  1852. }
  1853. },
  1854. "user_agent": {
  1855. "properties": {
  1856. "device": {
  1857. "properties": {
  1858. "name": {
  1859. "ignore_above": 1024,
  1860. "type": "keyword"
  1861. }
  1862. }
  1863. },
  1864. "name": {
  1865. "ignore_above": 1024,
  1866. "type": "keyword"
  1867. },
  1868. "original": {
  1869. "ignore_above": 1024,
  1870. "type": "keyword"
  1871. },
  1872. "os": {
  1873. "properties": {
  1874. "family": {
  1875. "ignore_above": 1024,
  1876. "type": "keyword"
  1877. },
  1878. "full": {
  1879. "ignore_above": 1024,
  1880. "type": "keyword"
  1881. },
  1882. "kernel": {
  1883. "ignore_above": 1024,
  1884. "type": "keyword"
  1885. },
  1886. "name": {
  1887. "ignore_above": 1024,
  1888. "type": "keyword"
  1889. },
  1890. "platform": {
  1891. "ignore_above": 1024,
  1892. "type": "keyword"
  1893. },
  1894. "version": {
  1895. "ignore_above": 1024,
  1896. "type": "keyword"
  1897. }
  1898. }
  1899. },
  1900. "version": {
  1901. "ignore_above": 1024,
  1902. "type": "keyword"
  1903. }
  1904. }
  1905. },
  1906. "winlog": {
  1907. "properties": {
  1908. "activity_id": {
  1909. "ignore_above": 1024,
  1910. "type": "keyword"
  1911. },
  1912. "api": {
  1913. "ignore_above": 1024,
  1914. "type": "keyword"
  1915. },
  1916. "channel": {
  1917. "ignore_above": 1024,
  1918. "type": "keyword"
  1919. },
  1920. "computer_name": {
  1921. "ignore_above": 1024,
  1922. "type": "keyword"
  1923. },
  1924. "event_data": {
  1925. "properties": {
  1926. "AuthenticationPackageName": {
  1927. "ignore_above": 1024,
  1928. "type": "keyword"
  1929. },
  1930. "Binary": {
  1931. "ignore_above": 1024,
  1932. "type": "keyword"
  1933. },
  1934. "BitlockerUserInputTime": {
  1935. "ignore_above": 1024,
  1936. "type": "keyword"
  1937. },
  1938. "BootMode": {
  1939. "ignore_above": 1024,
  1940. "type": "keyword"
  1941. },
  1942. "BootType": {
  1943. "ignore_above": 1024,
  1944. "type": "keyword"
  1945. },
  1946. "BuildVersion": {
  1947. "ignore_above": 1024,
  1948. "type": "keyword"
  1949. },
  1950. "Company": {
  1951. "ignore_above": 1024,
  1952. "type": "keyword"
  1953. },
  1954. "CorruptionActionState": {
  1955. "ignore_above": 1024,
  1956. "type": "keyword"
  1957. },
  1958. "CreationUtcTime": {
  1959. "ignore_above": 1024,
  1960. "type": "keyword"
  1961. },
  1962. "Description": {
  1963. "ignore_above": 1024,
  1964. "type": "keyword"
  1965. },
  1966. "Detail": {
  1967. "ignore_above": 1024,
  1968. "type": "keyword"
  1969. },
  1970. "DeviceName": {
  1971. "ignore_above": 1024,
  1972. "type": "keyword"
  1973. },
  1974. "DeviceNameLength": {
  1975. "ignore_above": 1024,
  1976. "type": "keyword"
  1977. },
  1978. "DeviceTime": {
  1979. "ignore_above": 1024,
  1980. "type": "keyword"
  1981. },
  1982. "DeviceVersionMajor": {
  1983. "ignore_above": 1024,
  1984. "type": "keyword"
  1985. },
  1986. "DeviceVersionMinor": {
  1987. "ignore_above": 1024,
  1988. "type": "keyword"
  1989. },
  1990. "DriveName": {
  1991. "ignore_above": 1024,
  1992. "type": "keyword"
  1993. },
  1994. "DriverName": {
  1995. "ignore_above": 1024,
  1996. "type": "keyword"
  1997. },
  1998. "DriverNameLength": {
  1999. "ignore_above": 1024,
  2000. "type": "keyword"
  2001. },
  2002. "DwordVal": {
  2003. "ignore_above": 1024,
  2004. "type": "keyword"
  2005. },
  2006. "EntryCount": {
  2007. "ignore_above": 1024,
  2008. "type": "keyword"
  2009. },
  2010. "ExtraInfo": {
  2011. "ignore_above": 1024,
  2012. "type": "keyword"
  2013. },
  2014. "FailureName": {
  2015. "ignore_above": 1024,
  2016. "type": "keyword"
  2017. },
  2018. "FailureNameLength": {
  2019. "ignore_above": 1024,
  2020. "type": "keyword"
  2021. },
  2022. "FileVersion": {
  2023. "ignore_above": 1024,
  2024. "type": "keyword"
  2025. },
  2026. "FinalStatus": {
  2027. "ignore_above": 1024,
  2028. "type": "keyword"
  2029. },
  2030. "Group": {
  2031. "ignore_above": 1024,
  2032. "type": "keyword"
  2033. },
  2034. "IdleImplementation": {
  2035. "ignore_above": 1024,
  2036. "type": "keyword"
  2037. },
  2038. "IdleStateCount": {
  2039. "ignore_above": 1024,
  2040. "type": "keyword"
  2041. },
  2042. "ImpersonationLevel": {
  2043. "ignore_above": 1024,
  2044. "type": "keyword"
  2045. },
  2046. "IntegrityLevel": {
  2047. "ignore_above": 1024,
  2048. "type": "keyword"
  2049. },
  2050. "IpAddress": {
  2051. "ignore_above": 1024,
  2052. "type": "keyword"
  2053. },
  2054. "IpPort": {
  2055. "ignore_above": 1024,
  2056. "type": "keyword"
  2057. },
  2058. "KeyLength": {
  2059. "ignore_above": 1024,
  2060. "type": "keyword"
  2061. },
  2062. "LastBootGood": {
  2063. "ignore_above": 1024,
  2064. "type": "keyword"
  2065. },
  2066. "LastShutdownGood": {
  2067. "ignore_above": 1024,
  2068. "type": "keyword"
  2069. },
  2070. "LmPackageName": {
  2071. "ignore_above": 1024,
  2072. "type": "keyword"
  2073. },
  2074. "LogonGuid": {
  2075. "ignore_above": 1024,
  2076. "type": "keyword"
  2077. },
  2078. "LogonId": {
  2079. "ignore_above": 1024,
  2080. "type": "keyword"
  2081. },
  2082. "LogonProcessName": {
  2083. "ignore_above": 1024,
  2084. "type": "keyword"
  2085. },
  2086. "LogonType": {
  2087. "ignore_above": 1024,
  2088. "type": "keyword"
  2089. },
  2090. "MajorVersion": {
  2091. "ignore_above": 1024,
  2092. "type": "keyword"
  2093. },
  2094. "MaximumPerformancePercent": {
  2095. "ignore_above": 1024,
  2096. "type": "keyword"
  2097. },
  2098. "MinimumPerformancePercent": {
  2099. "ignore_above": 1024,
  2100. "type": "keyword"
  2101. },
  2102. "MinimumThrottlePercent": {
  2103. "ignore_above": 1024,
  2104. "type": "keyword"
  2105. },
  2106. "MinorVersion": {
  2107. "ignore_above": 1024,
  2108. "type": "keyword"
  2109. },
  2110. "NewProcessId": {
  2111. "ignore_above": 1024,
  2112. "type": "keyword"
  2113. },
  2114. "NewProcessName": {
  2115. "ignore_above": 1024,
  2116. "type": "keyword"
  2117. },
  2118. "NewSchemeGuid": {
  2119. "ignore_above": 1024,
  2120. "type": "keyword"
  2121. },
  2122. "NewTime": {
  2123. "ignore_above": 1024,
  2124. "type": "keyword"
  2125. },
  2126. "NominalFrequency": {
  2127. "ignore_above": 1024,
  2128. "type": "keyword"
  2129. },
  2130. "Number": {
  2131. "ignore_above": 1024,
  2132. "type": "keyword"
  2133. },
  2134. "OldSchemeGuid": {
  2135. "ignore_above": 1024,
  2136. "type": "keyword"
  2137. },
  2138. "OldTime": {
  2139. "ignore_above": 1024,
  2140. "type": "keyword"
  2141. },
  2142. "OriginalFileName": {
  2143. "ignore_above": 1024,
  2144. "type": "keyword"
  2145. },
  2146. "Path": {
  2147. "ignore_above": 1024,
  2148. "type": "keyword"
  2149. },
  2150. "PerformanceImplementation": {
  2151. "ignore_above": 1024,
  2152. "type": "keyword"
  2153. },
  2154. "PreviousCreationUtcTime": {
  2155. "ignore_above": 1024,
  2156. "type": "keyword"
  2157. },
  2158. "PreviousTime": {
  2159. "ignore_above": 1024,
  2160. "type": "keyword"
  2161. },
  2162. "PrivilegeList": {
  2163. "ignore_above": 1024,
  2164. "type": "keyword"
  2165. },
  2166. "ProcessId": {
  2167. "ignore_above": 1024,
  2168. "type": "keyword"
  2169. },
  2170. "ProcessName": {
  2171. "ignore_above": 1024,
  2172. "type": "keyword"
  2173. },
  2174. "ProcessPath": {
  2175. "ignore_above": 1024,
  2176. "type": "keyword"
  2177. },
  2178. "ProcessPid": {
  2179. "ignore_above": 1024,
  2180. "type": "keyword"
  2181. },
  2182. "Product": {
  2183. "ignore_above": 1024,
  2184. "type": "keyword"
  2185. },
  2186. "PuaCount": {
  2187. "ignore_above": 1024,
  2188. "type": "keyword"
  2189. },
  2190. "PuaPolicyId": {
  2191. "ignore_above": 1024,
  2192. "type": "keyword"
  2193. },
  2194. "QfeVersion": {
  2195. "ignore_above": 1024,
  2196. "type": "keyword"
  2197. },
  2198. "Reason": {
  2199. "ignore_above": 1024,
  2200. "type": "keyword"
  2201. },
  2202. "SchemaVersion": {
  2203. "ignore_above": 1024,
  2204. "type": "keyword"
  2205. },
  2206. "ScriptBlockText": {
  2207. "ignore_above": 1024,
  2208. "type": "keyword"
  2209. },
  2210. "ServiceName": {
  2211. "ignore_above": 1024,
  2212. "type": "keyword"
  2213. },
  2214. "ServiceVersion": {
  2215. "ignore_above": 1024,
  2216. "type": "keyword"
  2217. },
  2218. "ShutdownActionType": {
  2219. "ignore_above": 1024,
  2220. "type": "keyword"
  2221. },
  2222. "ShutdownEventCode": {
  2223. "ignore_above": 1024,
  2224. "type": "keyword"
  2225. },
  2226. "ShutdownReason": {
  2227. "ignore_above": 1024,
  2228. "type": "keyword"
  2229. },
  2230. "Signature": {
  2231. "ignore_above": 1024,
  2232. "type": "keyword"
  2233. },
  2234. "SignatureStatus": {
  2235. "ignore_above": 1024,
  2236. "type": "keyword"
  2237. },
  2238. "Signed": {
  2239. "ignore_above": 1024,
  2240. "type": "keyword"
  2241. },
  2242. "StartTime": {
  2243. "ignore_above": 1024,
  2244. "type": "keyword"
  2245. },
  2246. "State": {
  2247. "ignore_above": 1024,
  2248. "type": "keyword"
  2249. },
  2250. "Status": {
  2251. "ignore_above": 1024,
  2252. "type": "keyword"
  2253. },
  2254. "StopTime": {
  2255. "ignore_above": 1024,
  2256. "type": "keyword"
  2257. },
  2258. "SubjectDomainName": {
  2259. "ignore_above": 1024,
  2260. "type": "keyword"
  2261. },
  2262. "SubjectLogonId": {
  2263. "ignore_above": 1024,
  2264. "type": "keyword"
  2265. },
  2266. "SubjectUserName": {
  2267. "ignore_above": 1024,
  2268. "type": "keyword"
  2269. },
  2270. "SubjectUserSid": {
  2271. "ignore_above": 1024,
  2272. "type": "keyword"
  2273. },
  2274. "TSId": {
  2275. "ignore_above": 1024,
  2276. "type": "keyword"
  2277. },
  2278. "TargetDomainName": {
  2279. "ignore_above": 1024,
  2280. "type": "keyword"
  2281. },
  2282. "TargetInfo": {
  2283. "ignore_above": 1024,
  2284. "type": "keyword"
  2285. },
  2286. "TargetLogonGuid": {
  2287. "ignore_above": 1024,
  2288. "type": "keyword"
  2289. },
  2290. "TargetLogonId": {
  2291. "ignore_above": 1024,
  2292. "type": "keyword"
  2293. },
  2294. "TargetServerName": {
  2295. "ignore_above": 1024,
  2296. "type": "keyword"
  2297. },
  2298. "TargetUserName": {
  2299. "ignore_above": 1024,
  2300. "type": "keyword"
  2301. },
  2302. "TargetUserSid": {
  2303. "ignore_above": 1024,
  2304. "type": "keyword"
  2305. },
  2306. "TerminalSessionId": {
  2307. "ignore_above": 1024,
  2308. "type": "keyword"
  2309. },
  2310. "TokenElevationType": {
  2311. "ignore_above": 1024,
  2312. "type": "keyword"
  2313. },
  2314. "TransmittedServices": {
  2315. "ignore_above": 1024,
  2316. "type": "keyword"
  2317. },
  2318. "UserSid": {
  2319. "ignore_above": 1024,
  2320. "type": "keyword"
  2321. },
  2322. "Version": {
  2323. "ignore_above": 1024,
  2324. "type": "keyword"
  2325. },
  2326. "Workstation": {
  2327. "ignore_above": 1024,
  2328. "type": "keyword"
  2329. },
  2330. "param1": {
  2331. "ignore_above": 1024,
  2332. "type": "keyword"
  2333. },
  2334. "param2": {
  2335. "ignore_above": 1024,
  2336. "type": "keyword"
  2337. },
  2338. "param3": {
  2339. "ignore_above": 1024,
  2340. "type": "keyword"
  2341. },
  2342. "param4": {
  2343. "ignore_above": 1024,
  2344. "type": "keyword"
  2345. },
  2346. "param5": {
  2347. "ignore_above": 1024,
  2348. "type": "keyword"
  2349. },
  2350. "param6": {
  2351. "ignore_above": 1024,
  2352. "type": "keyword"
  2353. },
  2354. "param7": {
  2355. "ignore_above": 1024,
  2356. "type": "keyword"
  2357. },
  2358. "param8": {
  2359. "ignore_above": 1024,
  2360. "type": "keyword"
  2361. }
  2362. }
  2363. },
  2364. "event_id": {
  2365. "ignore_above": 1024,
  2366. "type": "keyword"
  2367. },
  2368. "keywords": {
  2369. "ignore_above": 1024,
  2370. "type": "keyword"
  2371. },
  2372. "opcode": {
  2373. "ignore_above": 1024,
  2374. "type": "keyword"
  2375. },
  2376. "process": {
  2377. "properties": {
  2378. "pid": {
  2379. "type": "long"
  2380. },
  2381. "thread": {
  2382. "properties": {
  2383. "id": {
  2384. "type": "long"
  2385. }
  2386. }
  2387. }
  2388. }
  2389. },
  2390. "provider_guid": {
  2391. "ignore_above": 1024,
  2392. "type": "keyword"
  2393. },
  2394. "provider_name": {
  2395. "ignore_above": 1024,
  2396. "type": "keyword"
  2397. },
  2398. "record_id": {
  2399. "ignore_above": 1024,
  2400. "type": "keyword"
  2401. },
  2402. "related_activity_id": {
  2403. "ignore_above": 1024,
  2404. "type": "keyword"
  2405. },
  2406. "task": {
  2407. "ignore_above": 1024,
  2408. "type": "keyword"
  2409. },
  2410. "user": {
  2411. "properties": {
  2412. "domain": {
  2413. "ignore_above": 1024,
  2414. "type": "keyword"
  2415. },
  2416. "identifier": {
  2417. "ignore_above": 1024,
  2418. "type": "keyword"
  2419. },
  2420. "name": {
  2421. "ignore_above": 1024,
  2422. "type": "keyword"
  2423. },
  2424. "type": {
  2425. "ignore_above": 1024,
  2426. "type": "keyword"
  2427. }
  2428. }
  2429. },
  2430. "user_data": {
  2431. "type": "object"
  2432. },
  2433. "version": {
  2434. "type": "long"
  2435. }
  2436. }
  2437. }
  2438. }
  2439. },
  2440. "order": 1,
  2441. "settings": {
  2442. "index": {
  2443. "lifecycle": {
  2444. "name": "winlogbeat-7.5.1",
  2445. "rollover_alias": "winlogbeat-7.5.1"
  2446. },
  2447. "mapping": {
  2448. "total_fields": {
  2449. "limit": 10000
  2450. }
  2451. },
  2452. "number_of_routing_shards": 30,
  2453. "number_of_shards": 1,
  2454. "query": {
  2455. "default_field": [
  2456. "message",
  2457. "tags",
  2458. "agent.ephemeral_id",
  2459. "agent.id",
  2460. "agent.name",
  2461. "agent.type",
  2462. "agent.version",
  2463. "as.organization.name",
  2464. "client.address",
  2465. "client.as.organization.name",
  2466. "client.domain",
  2467. "client.geo.city_name",
  2468. "client.geo.continent_name",
  2469. "client.geo.country_iso_code",
  2470. "client.geo.country_name",
  2471. "client.geo.name",
  2472. "client.geo.region_iso_code",
  2473. "client.geo.region_name",
  2474. "client.mac",
  2475. "client.user.domain",
  2476. "client.user.email",
  2477. "client.user.full_name",
  2478. "client.user.group.id",
  2479. "client.user.group.name",
  2480. "client.user.hash",
  2481. "client.user.id",
  2482. "client.user.name",
  2483. "cloud.account.id",
  2484. "cloud.availability_zone",
  2485. "cloud.instance.id",
  2486. "cloud.instance.name",
  2487. "cloud.machine.type",
  2488. "cloud.provider",
  2489. "cloud.region",
  2490. "container.id",
  2491. "container.image.name",
  2492. "container.image.tag",
  2493. "container.name",
  2494. "container.runtime",
  2495. "destination.address",
  2496. "destination.as.organization.name",
  2497. "destination.domain",
  2498. "destination.geo.city_name",
  2499. "destination.geo.continent_name",
  2500. "destination.geo.country_iso_code",
  2501. "destination.geo.country_name",
  2502. "destination.geo.name",
  2503. "destination.geo.region_iso_code",
  2504. "destination.geo.region_name",
  2505. "destination.mac",
  2506. "destination.user.domain",
  2507. "destination.user.email",
  2508. "destination.user.full_name",
  2509. "destination.user.group.id",
  2510. "destination.user.group.name",
  2511. "destination.user.hash",
  2512. "destination.user.id",
  2513. "destination.user.name",
  2514. "dns.answers.class",
  2515. "dns.answers.data",
  2516. "dns.answers.name",
  2517. "dns.answers.type",
  2518. "dns.header_flags",
  2519. "dns.id",
  2520. "dns.op_code",
  2521. "dns.question.class",
  2522. "dns.question.name",
  2523. "dns.question.registered_domain",
  2524. "dns.question.type",
  2525. "dns.response_code",
  2526. "dns.type",
  2527. "ecs.version",
  2528. "error.code",
  2529. "error.id",
  2530. "error.message",
  2531. "event.action",
  2532. "event.category",
  2533. "event.code",
  2534. "event.dataset",
  2535. "event.hash",
  2536. "event.id",
  2537. "event.kind",
  2538. "event.module",
  2539. "event.original",
  2540. "event.outcome",
  2541. "event.provider",
  2542. "event.timezone",
  2543. "event.type",
  2544. "file.device",
  2545. "file.directory",
  2546. "file.extension",
  2547. "file.gid",
  2548. "file.group",
  2549. "file.hash.md5",
  2550. "file.hash.sha1",
  2551. "file.hash.sha256",
  2552. "file.hash.sha512",
  2553. "file.inode",
  2554. "file.mode",
  2555. "file.name",
  2556. "file.owner",
  2557. "file.path",
  2558. "file.target_path",
  2559. "file.type",
  2560. "file.uid",
  2561. "geo.city_name",
  2562. "geo.continent_name",
  2563. "geo.country_iso_code",
  2564. "geo.country_name",
  2565. "geo.name",
  2566. "geo.region_iso_code",
  2567. "geo.region_name",
  2568. "group.id",
  2569. "group.name",
  2570. "hash.md5",
  2571. "hash.sha1",
  2572. "hash.sha256",
  2573. "hash.sha512",
  2574. "host.architecture",
  2575. "host.geo.city_name",
  2576. "host.geo.continent_name",
  2577. "host.geo.country_iso_code",
  2578. "host.geo.country_name",
  2579. "host.geo.name",
  2580. "host.geo.region_iso_code",
  2581. "host.geo.region_name",
  2582. "host.hostname",
  2583. "host.id",
  2584. "host.mac",
  2585. "host.name",
  2586. "host.os.family",
  2587. "host.os.full",
  2588. "host.os.kernel",
  2589. "host.os.name",
  2590. "host.os.platform",
  2591. "host.os.version",
  2592. "host.type",
  2593. "host.user.domain",
  2594. "host.user.email",
  2595. "host.user.full_name",
  2596. "host.user.group.id",
  2597. "host.user.group.name",
  2598. "host.user.hash",
  2599. "host.user.id",
  2600. "host.user.name",
  2601. "http.request.body.content",
  2602. "http.request.method",
  2603. "http.request.referrer",
  2604. "http.response.body.content",
  2605. "http.version",
  2606. "log.level",
  2607. "log.logger",
  2608. "log.original",
  2609. "network.application",
  2610. "network.community_id",
  2611. "network.direction",
  2612. "network.iana_number",
  2613. "network.name",
  2614. "network.protocol",
  2615. "network.transport",
  2616. "network.type",
  2617. "observer.geo.city_name",
  2618. "observer.geo.continent_name",
  2619. "observer.geo.country_iso_code",
  2620. "observer.geo.country_name",
  2621. "observer.geo.name",
  2622. "observer.geo.region_iso_code",
  2623. "observer.geo.region_name",
  2624. "observer.hostname",
  2625. "observer.mac",
  2626. "observer.os.family",
  2627. "observer.os.full",
  2628. "observer.os.kernel",
  2629. "observer.os.name",
  2630. "observer.os.platform",
  2631. "observer.os.version",
  2632. "observer.serial_number",
  2633. "observer.type",
  2634. "observer.vendor",
  2635. "observer.version",
  2636. "organization.id",
  2637. "organization.name",
  2638. "os.family",
  2639. "os.full",
  2640. "os.kernel",
  2641. "os.name",
  2642. "os.platform",
  2643. "os.version",
  2644. "process.args",
  2645. "process.executable",
  2646. "process.hash.md5",
  2647. "process.hash.sha1",
  2648. "process.hash.sha256",
  2649. "process.hash.sha512",
  2650. "process.name",
  2651. "process.thread.name",
  2652. "process.title",
  2653. "process.working_directory",
  2654. "server.address",
  2655. "server.as.organization.name",
  2656. "server.domain",
  2657. "server.geo.city_name",
  2658. "server.geo.continent_name",
  2659. "server.geo.country_iso_code",
  2660. "server.geo.country_name",
  2661. "server.geo.name",
  2662. "server.geo.region_iso_code",
  2663. "server.geo.region_name",
  2664. "server.mac",
  2665. "server.user.domain",
  2666. "server.user.email",
  2667. "server.user.full_name",
  2668. "server.user.group.id",
  2669. "server.user.group.name",
  2670. "server.user.hash",
  2671. "server.user.id",
  2672. "server.user.name",
  2673. "service.ephemeral_id",
  2674. "service.id",
  2675. "service.name",
  2676. "service.state",
  2677. "service.type",
  2678. "service.version",
  2679. "source.address",
  2680. "source.as.organization.name",
  2681. "source.domain",
  2682. "source.geo.city_name",
  2683. "source.geo.continent_name",
  2684. "source.geo.country_iso_code",
  2685. "source.geo.country_name",
  2686. "source.geo.name",
  2687. "source.geo.region_iso_code",
  2688. "source.geo.region_name",
  2689. "source.mac",
  2690. "source.user.domain",
  2691. "source.user.email",
  2692. "source.user.full_name",
  2693. "source.user.group.id",
  2694. "source.user.group.name",
  2695. "source.user.hash",
  2696. "source.user.id",
  2697. "source.user.name",
  2698. "tracing.trace.id",
  2699. "tracing.transaction.id",
  2700. "url.domain",
  2701. "url.fragment",
  2702. "url.full",
  2703. "url.original",
  2704. "url.password",
  2705. "url.path",
  2706. "url.query",
  2707. "url.scheme",
  2708. "url.username",
  2709. "user.domain",
  2710. "user.email",
  2711. "user.full_name",
  2712. "user.group.id",
  2713. "user.group.name",
  2714. "user.hash",
  2715. "user.id",
  2716. "user.name",
  2717. "user_agent.device.name",
  2718. "user_agent.name",
  2719. "user_agent.original",
  2720. "user_agent.os.family",
  2721. "user_agent.os.full",
  2722. "user_agent.os.kernel",
  2723. "user_agent.os.name",
  2724. "user_agent.os.platform",
  2725. "user_agent.os.version",
  2726. "user_agent.version",
  2727. "agent.hostname",
  2728. "error.type",
  2729. "timeseries.instance",
  2730. "cloud.project.id",
  2731. "cloud.image.id",
  2732. "host.os.build",
  2733. "host.os.codename",
  2734. "kubernetes.pod.name",
  2735. "kubernetes.pod.uid",
  2736. "kubernetes.namespace",
  2737. "kubernetes.node.name",
  2738. "kubernetes.replicaset.name",
  2739. "kubernetes.deployment.name",
  2740. "kubernetes.statefulset.name",
  2741. "kubernetes.container.name",
  2742. "kubernetes.container.image",
  2743. "jolokia.agent.version",
  2744. "jolokia.agent.id",
  2745. "jolokia.server.product",
  2746. "jolokia.server.version",
  2747. "jolokia.server.vendor",
  2748. "jolokia.url",
  2749. "log.file.path",
  2750. "event.original",
  2751. "winlog.api",
  2752. "winlog.activity_id",
  2753. "winlog.computer_name",
  2754. "winlog.event_data.AuthenticationPackageName",
  2755. "winlog.event_data.Binary",
  2756. "winlog.event_data.BitlockerUserInputTime",
  2757. "winlog.event_data.BootMode",
  2758. "winlog.event_data.BootType",
  2759. "winlog.event_data.BuildVersion",
  2760. "winlog.event_data.Company",
  2761. "winlog.event_data.CorruptionActionState",
  2762. "winlog.event_data.CreationUtcTime",
  2763. "winlog.event_data.Description",
  2764. "winlog.event_data.Detail",
  2765. "winlog.event_data.DeviceName",
  2766. "winlog.event_data.DeviceNameLength",
  2767. "winlog.event_data.DeviceTime",
  2768. "winlog.event_data.DeviceVersionMajor",
  2769. "winlog.event_data.DeviceVersionMinor",
  2770. "winlog.event_data.DriveName",
  2771. "winlog.event_data.DriverName",
  2772. "winlog.event_data.DriverNameLength",
  2773. "winlog.event_data.DwordVal",
  2774. "winlog.event_data.EntryCount",
  2775. "winlog.event_data.ExtraInfo",
  2776. "winlog.event_data.FailureName",
  2777. "winlog.event_data.FailureNameLength",
  2778. "winlog.event_data.FileVersion",
  2779. "winlog.event_data.FinalStatus",
  2780. "winlog.event_data.Group",
  2781. "winlog.event_data.IdleImplementation",
  2782. "winlog.event_data.IdleStateCount",
  2783. "winlog.event_data.ImpersonationLevel",
  2784. "winlog.event_data.IntegrityLevel",
  2785. "winlog.event_data.IpAddress",
  2786. "winlog.event_data.IpPort",
  2787. "winlog.event_data.KeyLength",
  2788. "winlog.event_data.LastBootGood",
  2789. "winlog.event_data.LastShutdownGood",
  2790. "winlog.event_data.LmPackageName",
  2791. "winlog.event_data.LogonGuid",
  2792. "winlog.event_data.LogonId",
  2793. "winlog.event_data.LogonProcessName",
  2794. "winlog.event_data.LogonType",
  2795. "winlog.event_data.MajorVersion",
  2796. "winlog.event_data.MaximumPerformancePercent",
  2797. "winlog.event_data.MinimumPerformancePercent",
  2798. "winlog.event_data.MinimumThrottlePercent",
  2799. "winlog.event_data.MinorVersion",
  2800. "winlog.event_data.NewProcessId",
  2801. "winlog.event_data.NewProcessName",
  2802. "winlog.event_data.NewSchemeGuid",
  2803. "winlog.event_data.NewTime",
  2804. "winlog.event_data.NominalFrequency",
  2805. "winlog.event_data.Number",
  2806. "winlog.event_data.OldSchemeGuid",
  2807. "winlog.event_data.OldTime",
  2808. "winlog.event_data.OriginalFileName",
  2809. "winlog.event_data.Path",
  2810. "winlog.event_data.PerformanceImplementation",
  2811. "winlog.event_data.PreviousCreationUtcTime",
  2812. "winlog.event_data.PreviousTime",
  2813. "winlog.event_data.PrivilegeList",
  2814. "winlog.event_data.ProcessId",
  2815. "winlog.event_data.ProcessName",
  2816. "winlog.event_data.ProcessPath",
  2817. "winlog.event_data.ProcessPid",
  2818. "winlog.event_data.Product",
  2819. "winlog.event_data.PuaCount",
  2820. "winlog.event_data.PuaPolicyId",
  2821. "winlog.event_data.QfeVersion",
  2822. "winlog.event_data.Reason",
  2823. "winlog.event_data.SchemaVersion",
  2824. "winlog.event_data.ScriptBlockText",
  2825. "winlog.event_data.ServiceName",
  2826. "winlog.event_data.ServiceVersion",
  2827. "winlog.event_data.ShutdownActionType",
  2828. "winlog.event_data.ShutdownEventCode",
  2829. "winlog.event_data.ShutdownReason",
  2830. "winlog.event_data.Signature",
  2831. "winlog.event_data.SignatureStatus",
  2832. "winlog.event_data.Signed",
  2833. "winlog.event_data.StartTime",
  2834. "winlog.event_data.State",
  2835. "winlog.event_data.Status",
  2836. "winlog.event_data.StopTime",
  2837. "winlog.event_data.SubjectDomainName",
  2838. "winlog.event_data.SubjectLogonId",
  2839. "winlog.event_data.SubjectUserName",
  2840. "winlog.event_data.SubjectUserSid",
  2841. "winlog.event_data.TSId",
  2842. "winlog.event_data.TargetDomainName",
  2843. "winlog.event_data.TargetInfo",
  2844. "winlog.event_data.TargetLogonGuid",
  2845. "winlog.event_data.TargetLogonId",
  2846. "winlog.event_data.TargetServerName",
  2847. "winlog.event_data.TargetUserName",
  2848. "winlog.event_data.TargetUserSid",
  2849. "winlog.event_data.TerminalSessionId",
  2850. "winlog.event_data.TokenElevationType",
  2851. "winlog.event_data.TransmittedServices",
  2852. "winlog.event_data.UserSid",
  2853. "winlog.event_data.Version",
  2854. "winlog.event_data.Workstation",
  2855. "winlog.event_data.param1",
  2856. "winlog.event_data.param2",
  2857. "winlog.event_data.param3",
  2858. "winlog.event_data.param4",
  2859. "winlog.event_data.param5",
  2860. "winlog.event_data.param6",
  2861. "winlog.event_data.param7",
  2862. "winlog.event_data.param8",
  2863. "winlog.event_id",
  2864. "winlog.keywords",
  2865. "winlog.channel",
  2866. "winlog.record_id",
  2867. "winlog.related_activity_id",
  2868. "winlog.opcode",
  2869. "winlog.provider_guid",
  2870. "winlog.provider_name",
  2871. "winlog.task",
  2872. "winlog.user.identifier",
  2873. "winlog.user.name",
  2874. "winlog.user.domain",
  2875. "winlog.user.type",
  2876. "fields.*"
  2877. ]
  2878. },
  2879. "refresh_interval": "5s"
  2880. }
  2881. }
  2882. }