diff --git a/src/dev/typescript/projects.ts b/src/dev/typescript/projects.ts
index 4fe1d5e83bd2..225788ddc3c2 100644
--- a/src/dev/typescript/projects.ts
+++ b/src/dev/typescript/projects.ts
@@ -24,6 +24,10 @@ export const PROJECTS = [
name: 'apm/cypress',
disableTypeCheck: true,
}),
+ new Project(resolve(REPO_ROOT, 'x-pack/plugins/apm/ftr_e2e/tsconfig.json'), {
+ name: 'apm/ftr_e2e',
+ disableTypeCheck: true,
+ }),
new Project(resolve(REPO_ROOT, 'x-pack/plugins/apm/scripts/tsconfig.json'), {
name: 'apm/scripts',
disableTypeCheck: true,
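Review bot: The new `apm/ftr_e2e` entry copies `disableTypeCheck: true` from the neighbouring APM projects without saying why, which appears to leave the TypeScript added under `x-pack/plugins/apm/ftr_e2e/` (including `config.ts`, which assembles the server arguments) out of the repository type check. If this mirrors `apm/cypress` for the same reason, a one-line comment above the entry would record it, for example `// type check disabled: see apm/cypress (same Cypress typings constraint)`; that reason is an assumption for the author to confirm. The `PROJECTS` array starts and ends outside this hunk.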
diff --git a/x-pack/plugins/apm/ftr_e2e/config.ts b/x-pack/plugins/apm/ftr_e2e/config.ts
new file mode 100644
index 000000000000..26b6923ca90a
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/config.ts
@@ -0,0 +1,50 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { resolve } from 'path';
+
+import { FtrConfigProviderContext } from '@kbn/test/types/ftr';
+
+import { CA_CERT_PATH } from '@kbn/dev-utils';
+async function config({ readConfigFile }: FtrConfigProviderContext) {
+ const kibanaCommonTestsConfig = await readConfigFile(
+ require.resolve('../../../../test/common/config.js')
+ );
+ const xpackFunctionalTestsConfig = await readConfigFile(
+ require.resolve('../../../test/functional/config.js')
+ );
+
+ return {
+ ...kibanaCommonTestsConfig.getAll(),
+
+ esArchiver: {
+ directory: resolve(__dirname, 'cypress/fixtures/es_archiver'),
+ },
+
+ esTestCluster: {
+ ...xpackFunctionalTestsConfig.get('esTestCluster'),
+ serverArgs: [
+ ...xpackFunctionalTestsConfig.get('esTestCluster.serverArgs'),
+ // define custom es server here
+ // API Keys is enabled at the top level
+ 'xpack.security.enabled=true',
+ ],
+ },
+
+ kbnTestServer: {
+ ...xpackFunctionalTestsConfig.get('kbnTestServer'),
+ serverArgs: [
+ ...xpackFunctionalTestsConfig.get('kbnTestServer.serverArgs'),
+ '--csp.strict=false',
+ // define custom kibana server args here
+ `--elasticsearch.ssl.certificateAuthorities=${CA_CERT_PATH}`,
+ ],
+ },
+ };
+}
+
+// eslint-disable-next-line import/no-default-export
+export default config;
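Review bot: `'--csp.strict=false'` in `kbnTestServer.serverArgs` relaxes Kibana's strict CSP browser check for this test server with no comment explaining why, and the placeholder `// define custom kibana server args here` sits below it, so the flag reads like an inherited default rather than a deliberate override. Put the placeholder above both custom arguments and add a reason on the flag, for example `// strict CSP check disabled so the Cypress-driven browser can load Kibana; test server only` (the stated reason is a guess for the author to confirm). The same applies to `// API Keys is enabled at the top level` above `'xpack.security.enabled=true'`: it does not say which top-level config is meant or why security is enabled again here. `config` would also benefit from a short doc comment naming the two base configs it merges, and an explicit return type.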
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress.json b/x-pack/plugins/apm/ftr_e2e/cypress.json
new file mode 100644
index 000000000000..f8f20cd5f6ee
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/cypress.json
@@ -0,0 +1,16 @@
+{
+ "fileServerFolder": "./cypress",
+ "fixturesFolder": "./cypress/fixtures",
+ "integrationFolder": "./cypress/integration",
+ "pluginsFile": "./cypress/plugins/index.js",
+ "screenshotsFolder": "./cypress/screenshots",
+ "supportFile": "./cypress/support/index.js",
+ "videosFolder": "./cypress/videos",
+ "defaultCommandTimeout": 30000,
+ "execTimeout": 120000,
+ "pageLoadTimeout": 120000,
+ "viewportHeight": 900,
+ "viewportWidth": 1440,
+ "video": false,
+ "screenshotOnRunFailure": false
+}
\ No newline at end of file
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/fixtures/es_archiver/apm_8.0.0/data.json.gz b/x-pack/plugins/apm/ftr_e2e/cypress/fixtures/es_archiver/apm_8.0.0/data.json.gz
new file mode 100644
index 000000000000..5b2f72512ab6
Binary files /dev/null and b/x-pack/plugins/apm/ftr_e2e/cypress/fixtures/es_archiver/apm_8.0.0/data.json.gz differ
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/fixtures/es_archiver/apm_8.0.0/mappings.json b/x-pack/plugins/apm/ftr_e2e/cypress/fixtures/es_archiver/apm_8.0.0/mappings.json
new file mode 100644
index 000000000000..13bfec74269b
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/cypress/fixtures/es_archiver/apm_8.0.0/mappings.json
@@ -0,0 +1,22355 @@
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ ".kibana": {
+ }
+ },
+ "index": ".kibana_1",
+ "mappings": {
+ "_meta": {
+ "migrationMappingPropertyHashes": {
+ "action": "6e96ac5e648f57523879661ea72525b7",
+ "action_task_params": "a9d49f184ee89641044be0ca2950fa3a",
+ "alert": "0359d7fcc04da9878ee9aadbda38ba55",
+ "api_key_pending_invalidation": "16f515278a295f6245149ad7c5ddedb7",
+ "apm-indices": "9bb9b2bf1fa636ed8619cbab5ce6a1dd",
+ "apm-telemetry": "3d1b76c39bfb2cc8296b024d73854724",
+ "app_search_telemetry": "3d1b76c39bfb2cc8296b024d73854724",
+ "application_usage_daily": "43b8830d5d0df85a6823d290885fc9fd",
+ "application_usage_totals": "3d1b76c39bfb2cc8296b024d73854724",
+ "application_usage_transactional": "3d1b76c39bfb2cc8296b024d73854724",
+ "search-session": "404e2e2355a045f400c393e751445b42",
+ "canvas-element": "7390014e1091044523666d97247392fc",
+ "canvas-workpad": "b0a1706d356228dbdcb4a17e6b9eb231",
+ "canvas-workpad-template": "ae2673f678281e2c055d764b153e9715",
+ "cases": "477f214ff61acc3af26a7b7818e380c1",
+ "cases-comments": "8a50736330e953bca91747723a319593",
+ "cases-configure": "387c5f3a3bda7e0ae0dd4e106f914a69",
+ "cases-user-actions": "32277330ec6b721abe3b846cfd939a71",
+ "config": "c63748b75f39d0c54de12d12c1ccbc20",
+ "core-usage-stats": "3d1b76c39bfb2cc8296b024d73854724",
+ "dashboard": "40554caf09725935e2c02e02563a2d07",
+ "endpoint:user-artifact": "4a11183eee21e6fbad864f7a30b39ad0",
+ "endpoint:user-artifact-manifest": "4b9c0e7cfaf86d82a7ee9ed68065e50d",
+ "enterprise_search_telemetry": "3d1b76c39bfb2cc8296b024d73854724",
+ "epm-packages": "2b83397e3eaaaa8ef15e38813f3721c3",
+ "exception-list": "67f055ab8c10abd7b2ebfd969b836788",
+ "exception-list-agnostic": "67f055ab8c10abd7b2ebfd969b836788",
+ "file-upload-telemetry": "0ed4d3e1983d1217a30982630897092e",
+ "fleet-agent-actions": "9511b565b1cc6441a42033db3d5de8e9",
+ "fleet-agent-events": "e20a508b6e805189356be381dbfac8db",
+ "fleet-agents": "cb661e8ede2b640c42c8e5ef99db0683",
+ "fleet-enrollment-api-keys": "a69ef7ae661dab31561d6c6f052ef2a7",
+ "graph-workspace": "cd7ba1330e6682e9cc00b78850874be1",
+ "index-pattern": "45915a1ad866812242df474eb0479052",
+ "infrastructure-ui-source": "3d1b76c39bfb2cc8296b024d73854724",
+ "ingest-agent-policies": "8b0733cce189659593659dad8db426f0",
+ "ingest-outputs": "8854f34453a47e26f86a29f8f3b80b4e",
+ "ingest-package-policies": "c91ca97b1ff700f0fc64dc6b13d65a85",
+ "ingest_manager_settings": "02a03095f0e05b7a538fa801b88a217f",
+ "inventory-view": "3d1b76c39bfb2cc8296b024d73854724",
+ "kql-telemetry": "d12a98a6f19a2d273696597547e064ee",
+ "lens": "52346cfec69ff7b47d5f0c12361a2797",
+ "lens-ui-telemetry": "509bfa5978586998e05f9e303c07a327",
+ "map": "4a05b35c3a3a58fbc72dd0202dc3487f",
+ "maps-telemetry": "5ef305b18111b77789afefbd36b66171",
+ "metrics-explorer-view": "3d1b76c39bfb2cc8296b024d73854724",
+ "migrationVersion": "4a1746014a75ade3a714e1db5763276f",
+ "ml-job": "3bb64c31915acf93fc724af137a0891b",
+ "ml-telemetry": "257fd1d4b4fdbb9cb4b8a3b27da201e9",
+ "monitoring-telemetry": "2669d5ec15e82391cf58df4294ee9c68",
+ "namespace": "2f4316de49999235636386fe51dc06c1",
+ "namespaces": "2f4316de49999235636386fe51dc06c1",
+ "originId": "2f4316de49999235636386fe51dc06c1",
+ "query": "11aaeb7f5f7fa5bb43f25e18ce26e7d9",
+ "references": "7997cf5a56cc02bdc9c93361bde732b0",
+ "sample-data-telemetry": "7d3cfeb915303c9641c59681967ffeb4",
+ "search": "43012c7ebc4cb57054e0a490e4b43023",
+ "search-telemetry": "3d1b76c39bfb2cc8296b024d73854724",
+ "siem-detection-engine-rule-actions": "6569b288c169539db10cb262bf79de18",
+ "siem-detection-engine-rule-status": "ae783f41c6937db6b7a2ef5c93a9e9b0",
+ "siem-ui-timeline": "d12c5474364d737d17252acf1dc4585c",
+ "siem-ui-timeline-note": "8874706eedc49059d4cf0f5094559084",
+ "siem-ui-timeline-pinned-event": "20638091112f0e14f0e443d512301c29",
+ "space": "c5ca8acafa0beaa4d08d014a97b6bc6b",
+ "spaces-usage-stats": "3d1b76c39bfb2cc8296b024d73854724",
+ "tag": "83d55da58f6530f7055415717ec06474",
+ "telemetry": "36a616f7026dfa617d6655df850fe16d",
+ "timelion-sheet": "9a2a2748877c7a7b582fef201ab1d4cf",
+ "tsvb-validation-telemetry": "3a37ef6c8700ae6fc97d5c7da00e9215",
+ "type": "2f4316de49999235636386fe51dc06c1",
+ "ui-metric": "0d409297dc5ebe1e3a1da691c6ee32e3",
+ "updated_at": "00da57df13e94e9d98437d13ace4bfe0",
+ "upgrade-assistant-reindex-operation": "215107c281839ea9b3ad5f6419819763",
+ "upgrade-assistant-telemetry": "56702cec857e0a9dacfb696655b4ff7b",
+ "uptime-dynamic-settings": "3d1b76c39bfb2cc8296b024d73854724",
+ "url": "c7f66a0df8b1b52f17c28c4adb111105",
+ "visualization": "f819cf6636b75c9e76ba733a0c6ef355",
+ "workplace_search_telemetry": "3d1b76c39bfb2cc8296b024d73854724"
+ }
+ },
+ "dynamic": "strict",
+ "properties": {
+ "action": {
+ "properties": {
+ "actionTypeId": {
+ "type": "keyword"
+ },
+ "config": {
+ "enabled": false,
+ "type": "object"
+ },
+ "name": {
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "secrets": {
+ "type": "binary"
+ }
+ }
+ },
+ "action_task_params": {
+ "properties": {
+ "actionId": {
+ "type": "keyword"
+ },
+ "apiKey": {
+ "type": "binary"
+ },
+ "params": {
+ "enabled": false,
+ "type": "object"
+ }
+ }
+ },
+ "alert": {
+ "properties": {
+ "actions": {
+ "properties": {
+ "actionRef": {
+ "type": "keyword"
+ },
+ "actionTypeId": {
+ "type": "keyword"
+ },
+ "group": {
+ "type": "keyword"
+ },
+ "params": {
+ "enabled": false,
+ "type": "object"
+ }
+ },
+ "type": "nested"
+ },
+ "alertTypeId": {
+ "type": "keyword"
+ },
+ "apiKey": {
+ "type": "binary"
+ },
+ "apiKeyOwner": {
+ "type": "keyword"
+ },
+ "consumer": {
+ "type": "keyword"
+ },
+ "createdAt": {
+ "type": "date"
+ },
+ "createdBy": {
+ "type": "keyword"
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "executionStatus": {
+ "properties": {
+ "error": {
+ "properties": {
+ "message": {
+ "type": "keyword"
+ },
+ "reason": {
+ "type": "keyword"
+ }
+ }
+ },
+ "lastExecutionDate": {
+ "type": "date"
+ },
+ "status": {
+ "type": "keyword"
+ }
+ }
+ },
+ "meta": {
+ "properties": {
+ "versionApiKeyLastmodified": {
+ "type": "keyword"
+ }
+ }
+ },
+ "muteAll": {
+ "type": "boolean"
+ },
+ "mutedInstanceIds": {
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "params": {
+ "enabled": false,
+ "type": "object"
+ },
+ "schedule": {
+ "properties": {
+ "interval": {
+ "type": "keyword"
+ }
+ }
+ },
+ "scheduledTaskId": {
+ "type": "keyword"
+ },
+ "tags": {
+ "type": "keyword"
+ },
+ "throttle": {
+ "type": "keyword"
+ },
+ "updatedAt": {
+ "type": "date"
+ },
+ "updatedBy": {
+ "type": "keyword"
+ }
+ }
+ },
+ "api_key_pending_invalidation": {
+ "properties": {
+ "apiKeyId": {
+ "type": "keyword"
+ },
+ "createdAt": {
+ "type": "date"
+ }
+ }
+ },
+ "apm-indices": {
+ "properties": {
+ "apm_oss": {
+ "properties": {
+ "errorIndices": {
+ "type": "keyword"
+ },
+ "metricsIndices": {
+ "type": "keyword"
+ },
+ "onboardingIndices": {
+ "type": "keyword"
+ },
+ "sourcemapIndices": {
+ "type": "keyword"
+ },
+ "spanIndices": {
+ "type": "keyword"
+ },
+ "transactionIndices": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "apm-telemetry": {
+ "dynamic": "false",
+ "type": "object"
+ },
+ "app_search_telemetry": {
+ "dynamic": "false",
+ "type": "object"
+ },
+ "application_usage_daily": {
+ "dynamic": "false",
+ "properties": {
+ "timestamp": {
+ "type": "date"
+ }
+ }
+ },
+ "application_usage_totals": {
+ "dynamic": "false",
+ "type": "object"
+ },
+ "application_usage_transactional": {
+ "dynamic": "false",
+ "type": "object"
+ },
+ "search-session": {
+ "properties": {
+ "appId": {
+ "type": "keyword"
+ },
+ "created": {
+ "type": "date"
+ },
+ "expires": {
+ "type": "date"
+ },
+ "idMapping": {
+ "enabled": false,
+ "type": "object"
+ },
+ "initialState": {
+ "enabled": false,
+ "type": "object"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "restoreState": {
+ "enabled": false,
+ "type": "object"
+ },
+ "status": {
+ "type": "keyword"
+ },
+ "urlGeneratorId": {
+ "type": "keyword"
+ }
+ }
+ },
+ "canvas-element": {
+ "dynamic": "false",
+ "properties": {
+ "@created": {
+ "type": "date"
+ },
+ "@timestamp": {
+ "type": "date"
+ },
+ "content": {
+ "type": "text"
+ },
+ "help": {
+ "type": "text"
+ },
+ "image": {
+ "type": "text"
+ },
+ "name": {
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ }
+ }
+ },
+ "canvas-workpad": {
+ "dynamic": "false",
+ "properties": {
+ "@created": {
+ "type": "date"
+ },
+ "@timestamp": {
+ "type": "date"
+ },
+ "name": {
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ }
+ }
+ },
+ "canvas-workpad-template": {
+ "dynamic": "false",
+ "properties": {
+ "help": {
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "name": {
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "tags": {
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "template_key": {
+ "type": "keyword"
+ }
+ }
+ },
+ "cases": {
+ "properties": {
+ "closed_at": {
+ "type": "date"
+ },
+ "closed_by": {
+ "properties": {
+ "email": {
+ "type": "keyword"
+ },
+ "full_name": {
+ "type": "keyword"
+ },
+ "username": {
+ "type": "keyword"
+ }
+ }
+ },
+ "connector": {
+ "properties": {
+ "fields": {
+ "properties": {
+ "key": {
+ "type": "text"
+ },
+ "value": {
+ "type": "text"
+ }
+ }
+ },
+ "id": {
+ "type": "keyword"
+ },
+ "name": {
+ "type": "text"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "created_at": {
+ "type": "date"
+ },
+ "created_by": {
+ "properties": {
+ "email": {
+ "type": "keyword"
+ },
+ "full_name": {
+ "type": "keyword"
+ },
+ "username": {
+ "type": "keyword"
+ }
+ }
+ },
+ "description": {
+ "type": "text"
+ },
+ "external_service": {
+ "properties": {
+ "connector_id": {
+ "type": "keyword"
+ },
+ "connector_name": {
+ "type": "keyword"
+ },
+ "external_id": {
+ "type": "keyword"
+ },
+ "external_title": {
+ "type": "text"
+ },
+ "external_url": {
+ "type": "text"
+ },
+ "pushed_at": {
+ "type": "date"
+ },
+ "pushed_by": {
+ "properties": {
+ "email": {
+ "type": "keyword"
+ },
+ "full_name": {
+ "type": "keyword"
+ },
+ "username": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "status": {
+ "type": "keyword"
+ },
+ "tags": {
+ "type": "keyword"
+ },
+ "title": {
+ "type": "keyword"
+ },
+ "updated_at": {
+ "type": "date"
+ },
+ "updated_by": {
+ "properties": {
+ "email": {
+ "type": "keyword"
+ },
+ "full_name": {
+ "type": "keyword"
+ },
+ "username": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cases-comments": {
+ "properties": {
+ "alertId": {
+ "type": "keyword"
+ },
+ "comment": {
+ "type": "text"
+ },
+ "created_at": {
+ "type": "date"
+ },
+ "created_by": {
+ "properties": {
+ "email": {
+ "type": "keyword"
+ },
+ "full_name": {
+ "type": "keyword"
+ },
+ "username": {
+ "type": "keyword"
+ }
+ }
+ },
+ "index": {
+ "type": "keyword"
+ },
+ "pushed_at": {
+ "type": "date"
+ },
+ "pushed_by": {
+ "properties": {
+ "email": {
+ "type": "keyword"
+ },
+ "full_name": {
+ "type": "keyword"
+ },
+ "username": {
+ "type": "keyword"
+ }
+ }
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "updated_at": {
+ "type": "date"
+ },
+ "updated_by": {
+ "properties": {
+ "email": {
+ "type": "keyword"
+ },
+ "full_name": {
+ "type": "keyword"
+ },
+ "username": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cases-configure": {
+ "properties": {
+ "closure_type": {
+ "type": "keyword"
+ },
+ "connector": {
+ "properties": {
+ "fields": {
+ "properties": {
+ "key": {
+ "type": "text"
+ },
+ "value": {
+ "type": "text"
+ }
+ }
+ },
+ "id": {
+ "type": "keyword"
+ },
+ "name": {
+ "type": "text"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "created_at": {
+ "type": "date"
+ },
+ "created_by": {
+ "properties": {
+ "email": {
+ "type": "keyword"
+ },
+ "full_name": {
+ "type": "keyword"
+ },
+ "username": {
+ "type": "keyword"
+ }
+ }
+ },
+ "updated_at": {
+ "type": "date"
+ },
+ "updated_by": {
+ "properties": {
+ "email": {
+ "type": "keyword"
+ },
+ "full_name": {
+ "type": "keyword"
+ },
+ "username": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cases-user-actions": {
+ "properties": {
+ "action": {
+ "type": "keyword"
+ },
+ "action_at": {
+ "type": "date"
+ },
+ "action_by": {
+ "properties": {
+ "email": {
+ "type": "keyword"
+ },
+ "full_name": {
+ "type": "keyword"
+ },
+ "username": {
+ "type": "keyword"
+ }
+ }
+ },
+ "action_field": {
+ "type": "keyword"
+ },
+ "new_value": {
+ "type": "text"
+ },
+ "old_value": {
+ "type": "text"
+ }
+ }
+ },
+ "config": {
+ "dynamic": "false",
+ "properties": {
+ "buildNum": {
+ "type": "keyword"
+ }
+ }
+ },
+ "core-usage-stats": {
+ "dynamic": "false",
+ "type": "object"
+ },
+ "dashboard": {
+ "properties": {
+ "description": {
+ "type": "text"
+ },
+ "hits": {
+ "doc_values": false,
+ "index": false,
+ "type": "integer"
+ },
+ "kibanaSavedObjectMeta": {
+ "properties": {
+ "searchSourceJSON": {
+ "index": false,
+ "type": "text"
+ }
+ }
+ },
+ "optionsJSON": {
+ "index": false,
+ "type": "text"
+ },
+ "panelsJSON": {
+ "index": false,
+ "type": "text"
+ },
+ "refreshInterval": {
+ "properties": {
+ "display": {
+ "doc_values": false,
+ "index": false,
+ "type": "keyword"
+ },
+ "pause": {
+ "doc_values": false,
+ "index": false,
+ "type": "boolean"
+ },
+ "section": {
+ "doc_values": false,
+ "index": false,
+ "type": "integer"
+ },
+ "value": {
+ "doc_values": false,
+ "index": false,
+ "type": "integer"
+ }
+ }
+ },
+ "timeFrom": {
+ "doc_values": false,
+ "index": false,
+ "type": "keyword"
+ },
+ "timeRestore": {
+ "doc_values": false,
+ "index": false,
+ "type": "boolean"
+ },
+ "timeTo": {
+ "doc_values": false,
+ "index": false,
+ "type": "keyword"
+ },
+ "title": {
+ "type": "text"
+ },
+ "version": {
+ "type": "integer"
+ }
+ }
+ },
+ "endpoint:user-artifact": {
+ "properties": {
+ "body": {
+ "type": "binary"
+ },
+ "compressionAlgorithm": {
+ "index": false,
+ "type": "keyword"
+ },
+ "created": {
+ "index": false,
+ "type": "date"
+ },
+ "decodedSha256": {
+ "index": false,
+ "type": "keyword"
+ },
+ "decodedSize": {
+ "index": false,
+ "type": "long"
+ },
+ "encodedSha256": {
+ "type": "keyword"
+ },
+ "encodedSize": {
+ "index": false,
+ "type": "long"
+ },
+ "encryptionAlgorithm": {
+ "index": false,
+ "type": "keyword"
+ },
+ "identifier": {
+ "type": "keyword"
+ }
+ }
+ },
+ "endpoint:user-artifact-manifest": {
+ "properties": {
+ "created": {
+ "index": false,
+ "type": "date"
+ },
+ "ids": {
+ "index": false,
+ "type": "keyword"
+ },
+ "schemaVersion": {
+ "type": "keyword"
+ },
+ "semanticVersion": {
+ "index": false,
+ "type": "keyword"
+ }
+ }
+ },
+ "enterprise_search_telemetry": {
+ "dynamic": "false",
+ "type": "object"
+ },
+ "epm-packages": {
+ "properties": {
+ "es_index_patterns": {
+ "enabled": false,
+ "type": "object"
+ },
+ "install_source": {
+ "type": "keyword"
+ },
+ "install_started_at": {
+ "type": "date"
+ },
+ "install_status": {
+ "type": "keyword"
+ },
+ "install_version": {
+ "type": "keyword"
+ },
+ "installed_es": {
+ "properties": {
+ "id": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ },
+ "type": "nested"
+ },
+ "installed_kibana": {
+ "properties": {
+ "id": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ },
+ "type": "nested"
+ },
+ "internal": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "removable": {
+ "type": "boolean"
+ },
+ "version": {
+ "type": "keyword"
+ }
+ }
+ },
+ "exception-list": {
+ "properties": {
+ "_tags": {
+ "type": "keyword"
+ },
+ "comments": {
+ "properties": {
+ "comment": {
+ "type": "keyword"
+ },
+ "created_at": {
+ "type": "keyword"
+ },
+ "created_by": {
+ "type": "keyword"
+ },
+ "id": {
+ "type": "keyword"
+ },
+ "updated_at": {
+ "type": "keyword"
+ },
+ "updated_by": {
+ "type": "keyword"
+ }
+ }
+ },
+ "created_at": {
+ "type": "keyword"
+ },
+ "created_by": {
+ "type": "keyword"
+ },
+ "description": {
+ "type": "keyword"
+ },
+ "entries": {
+ "properties": {
+ "entries": {
+ "properties": {
+ "field": {
+ "type": "keyword"
+ },
+ "operator": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "value": {
+ "fields": {
+ "text": {
+ "type": "text"
+ }
+ },
+ "type": "keyword"
+ }
+ }
+ },
+ "field": {
+ "type": "keyword"
+ },
+ "list": {
+ "properties": {
+ "id": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "operator": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "value": {
+ "fields": {
+ "text": {
+ "type": "text"
+ }
+ },
+ "type": "keyword"
+ }
+ }
+ },
+ "immutable": {
+ "type": "boolean"
+ },
+ "item_id": {
+ "type": "keyword"
+ },
+ "list_id": {
+ "type": "keyword"
+ },
+ "list_type": {
+ "type": "keyword"
+ },
+ "meta": {
+ "type": "keyword"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "os_types": {
+ "type": "keyword"
+ },
+ "tags": {
+ "type": "keyword"
+ },
+ "tie_breaker_id": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "updated_by": {
+ "type": "keyword"
+ },
+ "version": {
+ "type": "keyword"
+ }
+ }
+ },
+ "exception-list-agnostic": {
+ "properties": {
+ "_tags": {
+ "type": "keyword"
+ },
+ "comments": {
+ "properties": {
+ "comment": {
+ "type": "keyword"
+ },
+ "created_at": {
+ "type": "keyword"
+ },
+ "created_by": {
+ "type": "keyword"
+ },
+ "id": {
+ "type": "keyword"
+ },
+ "updated_at": {
+ "type": "keyword"
+ },
+ "updated_by": {
+ "type": "keyword"
+ }
+ }
+ },
+ "created_at": {
+ "type": "keyword"
+ },
+ "created_by": {
+ "type": "keyword"
+ },
+ "description": {
+ "type": "keyword"
+ },
+ "entries": {
+ "properties": {
+ "entries": {
+ "properties": {
+ "field": {
+ "type": "keyword"
+ },
+ "operator": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "value": {
+ "fields": {
+ "text": {
+ "type": "text"
+ }
+ },
+ "type": "keyword"
+ }
+ }
+ },
+ "field": {
+ "type": "keyword"
+ },
+ "list": {
+ "properties": {
+ "id": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "operator": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "value": {
+ "fields": {
+ "text": {
+ "type": "text"
+ }
+ },
+ "type": "keyword"
+ }
+ }
+ },
+ "immutable": {
+ "type": "boolean"
+ },
+ "item_id": {
+ "type": "keyword"
+ },
+ "list_id": {
+ "type": "keyword"
+ },
+ "list_type": {
+ "type": "keyword"
+ },
+ "meta": {
+ "type": "keyword"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "os_types": {
+ "type": "keyword"
+ },
+ "tags": {
+ "type": "keyword"
+ },
+ "tie_breaker_id": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "updated_by": {
+ "type": "keyword"
+ },
+ "version": {
+ "type": "keyword"
+ }
+ }
+ },
+ "file-upload-telemetry": {
+ "properties": {
+ "filesUploadedTotalCount": {
+ "type": "long"
+ }
+ }
+ },
+ "fleet-agent-actions": {
+ "properties": {
+ "ack_data": {
+ "type": "text"
+ },
+ "agent_id": {
+ "type": "keyword"
+ },
+ "created_at": {
+ "type": "date"
+ },
+ "data": {
+ "type": "binary"
+ },
+ "policy_id": {
+ "type": "keyword"
+ },
+ "policy_revision": {
+ "type": "integer"
+ },
+ "sent_at": {
+ "type": "date"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "fleet-agent-events": {
+ "properties": {
+ "action_id": {
+ "type": "keyword"
+ },
+ "agent_id": {
+ "type": "keyword"
+ },
+ "data": {
+ "type": "text"
+ },
+ "message": {
+ "type": "text"
+ },
+ "payload": {
+ "type": "text"
+ },
+ "policy_id": {
+ "type": "keyword"
+ },
+ "stream_id": {
+ "type": "keyword"
+ },
+ "subtype": {
+ "type": "keyword"
+ },
+ "timestamp": {
+ "type": "date"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "fleet-agents": {
+ "properties": {
+ "access_api_key_id": {
+ "type": "keyword"
+ },
+ "active": {
+ "type": "boolean"
+ },
+ "current_error_events": {
+ "index": false,
+ "type": "text"
+ },
+ "default_api_key": {
+ "type": "binary"
+ },
+ "default_api_key_id": {
+ "type": "keyword"
+ },
+ "enrolled_at": {
+ "type": "date"
+ },
+ "last_checkin": {
+ "type": "date"
+ },
+ "last_checkin_status": {
+ "type": "keyword"
+ },
+ "last_updated": {
+ "type": "date"
+ },
+ "local_metadata": {
+ "type": "flattened"
+ },
+ "packages": {
+ "type": "keyword"
+ },
+ "policy_id": {
+ "type": "keyword"
+ },
+ "policy_revision": {
+ "type": "integer"
+ },
+ "shared_id": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "unenrolled_at": {
+ "type": "date"
+ },
+ "unenrollment_started_at": {
+ "type": "date"
+ },
+ "updated_at": {
+ "type": "date"
+ },
+ "upgrade_started_at": {
+ "type": "date"
+ },
+ "upgraded_at": {
+ "type": "date"
+ },
+ "user_provided_metadata": {
+ "type": "flattened"
+ },
+ "version": {
+ "type": "keyword"
+ }
+ }
+ },
+ "fleet-enrollment-api-keys": {
+ "properties": {
+ "active": {
+ "type": "boolean"
+ },
+ "api_key": {
+ "type": "binary"
+ },
+ "api_key_id": {
+ "type": "keyword"
+ },
+ "created_at": {
+ "type": "date"
+ },
+ "expire_at": {
+ "type": "date"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "policy_id": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "updated_at": {
+ "type": "date"
+ }
+ }
+ },
+ "graph-workspace": {
+ "properties": {
+ "description": {
+ "type": "text"
+ },
+ "kibanaSavedObjectMeta": {
+ "properties": {
+ "searchSourceJSON": {
+ "type": "text"
+ }
+ }
+ },
+ "numLinks": {
+ "type": "integer"
+ },
+ "numVertices": {
+ "type": "integer"
+ },
+ "title": {
+ "type": "text"
+ },
+ "version": {
+ "type": "integer"
+ },
+ "wsState": {
+ "type": "text"
+ }
+ }
+ },
+ "index-pattern": {
+ "dynamic": "false",
+ "properties": {
+ "title": {
+ "type": "text"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "infrastructure-ui-source": {
+ "dynamic": "false",
+ "type": "object"
+ },
+ "ingest-agent-policies": {
+ "properties": {
+ "description": {
+ "type": "text"
+ },
+ "is_default": {
+ "type": "boolean"
+ },
+ "monitoring_enabled": {
+ "index": false,
+ "type": "keyword"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "namespace": {
+ "type": "keyword"
+ },
+ "package_policies": {
+ "type": "keyword"
+ },
+ "revision": {
+ "type": "integer"
+ },
+ "status": {
+ "type": "keyword"
+ },
+ "updated_at": {
+ "type": "date"
+ },
+ "updated_by": {
+ "type": "keyword"
+ }
+ }
+ },
+ "ingest-outputs": {
+ "properties": {
+ "ca_sha256": {
+ "index": false,
+ "type": "keyword"
+ },
+ "config": {
+ "type": "flattened"
+ },
+ "config_yaml": {
+ "type": "text"
+ },
+ "fleet_enroll_password": {
+ "type": "binary"
+ },
+ "fleet_enroll_username": {
+ "type": "binary"
+ },
+ "hosts": {
+ "type": "keyword"
+ },
+ "is_default": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "ingest-package-policies": {
+ "properties": {
+ "created_at": {
+ "type": "date"
+ },
+ "created_by": {
+ "type": "keyword"
+ },
+ "description": {
+ "type": "text"
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "inputs": {
+ "enabled": false,
+ "properties": {
+ "compiled_input": {
+ "type": "flattened"
+ },
+ "config": {
+ "type": "flattened"
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "streams": {
+ "properties": {
+ "compiled_stream": {
+ "type": "flattened"
+ },
+ "config": {
+ "type": "flattened"
+ },
+ "data_stream": {
+ "properties": {
+ "dataset": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "id": {
+ "type": "keyword"
+ },
+ "vars": {
+ "type": "flattened"
+ }
+ },
+ "type": "nested"
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "vars": {
+ "type": "flattened"
+ }
+ },
+ "type": "nested"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "namespace": {
+ "type": "keyword"
+ },
+ "output_id": {
+ "type": "keyword"
+ },
+ "package": {
+ "properties": {
+ "name": {
+ "type": "keyword"
+ },
+ "title": {
+ "type": "keyword"
+ },
+ "version": {
+ "type": "keyword"
+ }
+ }
+ },
+ "policy_id": {
+ "type": "keyword"
+ },
+ "revision": {
+ "type": "integer"
+ },
+ "updated_at": {
+ "type": "date"
+ },
+ "updated_by": {
+ "type": "keyword"
+ }
+ }
+ },
+ "ingest_manager_settings": {
+ "properties": {
+ "agent_auto_upgrade": {
+ "type": "keyword"
+ },
+ "has_seen_add_data_notice": {
+ "index": false,
+ "type": "boolean"
+ },
+ "kibana_ca_sha256": {
+ "type": "keyword"
+ },
+ "kibana_urls": {
+ "type": "keyword"
+ },
+ "package_auto_upgrade": {
+ "type": "keyword"
+ }
+ }
+ },
+ "inventory-view": {
+ "dynamic": "false",
+ "type": "object"
+ },
+ "kql-telemetry": {
+ "properties": {
+ "optInCount": {
+ "type": "long"
+ },
+ "optOutCount": {
+ "type": "long"
+ }
+ }
+ },
+ "lens": {
+ "properties": {
+ "description": {
+ "type": "text"
+ },
+ "expression": {
+ "doc_values": false,
+ "index": false,
+ "type": "keyword"
+ },
+ "state": {
+ "type": "flattened"
+ },
+ "title": {
+ "type": "text"
+ },
+ "visualizationType": {
+ "type": "keyword"
+ }
+ }
+ },
+ "lens-ui-telemetry": {
+ "properties": {
+ "count": {
+ "type": "integer"
+ },
+ "date": {
+ "type": "date"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "map": {
+ "properties": {
+ "description": {
+ "type": "text"
+ },
+ "layerListJSON": {
+ "type": "text"
+ },
+ "mapStateJSON": {
+ "type": "text"
+ },
+ "title": {
+ "type": "text"
+ },
+ "uiStateJSON": {
+ "type": "text"
+ },
+ "version": {
+ "type": "integer"
+ }
+ }
+ },
+ "maps-telemetry": {
+ "enabled": false,
+ "type": "object"
+ },
+ "metrics-explorer-view": {
+ "dynamic": "false",
+ "type": "object"
+ },
+ "migrationVersion": {
+ "dynamic": "true",
+ "properties": {
+ "action": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "alert": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "canvas-workpad": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "config": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "dashboard": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "exception-list-agnostic": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "fleet-agent-actions": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "fleet-agent-events": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "fleet-agents": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "fleet-enrollment-api-keys": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "graph-workspace": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "index-pattern": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "infrastructure-ui-source": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "ingest-agent-policies": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "ingest-package-policies": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "ingest_manager_settings": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "lens": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "map": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "ml-job": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "search": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "space": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "tsvb-validation-telemetry": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "visualization": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ }
+ }
+ },
+ "ml-job": {
+ "properties": {
+ "datafeed_id": {
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "job_id": {
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "ml-telemetry": {
+ "properties": {
+ "file_data_visualizer": {
+ "properties": {
+ "index_creation_count": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "monitoring-telemetry": {
+ "properties": {
+ "reportedClusterUuids": {
+ "type": "keyword"
+ }
+ }
+ },
+ "namespace": {
+ "type": "keyword"
+ },
+ "namespaces": {
+ "type": "keyword"
+ },
+ "originId": {
+ "type": "keyword"
+ },
+ "query": {
+ "properties": {
+ "description": {
+ "type": "text"
+ },
+ "filters": {
+ "enabled": false,
+ "type": "object"
+ },
+ "query": {
+ "properties": {
+ "language": {
+ "type": "keyword"
+ },
+ "query": {
+ "index": false,
+ "type": "keyword"
+ }
+ }
+ },
+ "timefilter": {
+ "enabled": false,
+ "type": "object"
+ },
+ "title": {
+ "type": "text"
+ }
+ }
+ },
+ "references": {
+ "properties": {
+ "id": {
+ "type": "keyword"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ },
+ "type": "nested"
+ },
+ "sample-data-telemetry": {
+ "properties": {
+ "installCount": {
+ "type": "long"
+ },
+ "unInstallCount": {
+ "type": "long"
+ }
+ }
+ },
+ "search": {
+ "properties": {
+ "columns": {
+ "doc_values": false,
+ "index": false,
+ "type": "keyword"
+ },
+ "description": {
+ "type": "text"
+ },
+ "hits": {
+ "doc_values": false,
+ "index": false,
+ "type": "integer"
+ },
+ "kibanaSavedObjectMeta": {
+ "properties": {
+ "searchSourceJSON": {
+ "index": false,
+ "type": "text"
+ }
+ }
+ },
+ "sort": {
+ "doc_values": false,
+ "index": false,
+ "type": "keyword"
+ },
+ "title": {
+ "type": "text"
+ },
+ "version": {
+ "type": "integer"
+ }
+ }
+ },
+ "search-telemetry": {
+ "dynamic": "false",
+ "type": "object"
+ },
+ "siem-detection-engine-rule-actions": {
+ "properties": {
+ "actions": {
+ "properties": {
+ "action_type_id": {
+ "type": "keyword"
+ },
+ "group": {
+ "type": "keyword"
+ },
+ "id": {
+ "type": "keyword"
+ },
+ "params": {
+ "enabled": false,
+ "type": "object"
+ }
+ }
+ },
+ "alertThrottle": {
+ "type": "keyword"
+ },
+ "ruleAlertId": {
+ "type": "keyword"
+ },
+ "ruleThrottle": {
+ "type": "keyword"
+ }
+ }
+ },
+ "siem-detection-engine-rule-status": {
+ "properties": {
+ "alertId": {
+ "type": "keyword"
+ },
+ "bulkCreateTimeDurations": {
+ "type": "float"
+ },
+ "gap": {
+ "type": "text"
+ },
+ "lastFailureAt": {
+ "type": "date"
+ },
+ "lastFailureMessage": {
+ "type": "text"
+ },
+ "lastLookBackDate": {
+ "type": "date"
+ },
+ "lastSuccessAt": {
+ "type": "date"
+ },
+ "lastSuccessMessage": {
+ "type": "text"
+ },
+ "searchAfterTimeDurations": {
+ "type": "float"
+ },
+ "status": {
+ "type": "keyword"
+ },
+ "statusDate": {
+ "type": "date"
+ }
+ }
+ },
+ "siem-ui-timeline": {
+ "properties": {
+ "columns": {
+ "properties": {
+ "aggregatable": {
+ "type": "boolean"
+ },
+ "category": {
+ "type": "keyword"
+ },
+ "columnHeaderType": {
+ "type": "keyword"
+ },
+ "description": {
+ "type": "text"
+ },
+ "example": {
+ "type": "text"
+ },
+ "id": {
+ "type": "keyword"
+ },
+ "indexes": {
+ "type": "keyword"
+ },
+ "name": {
+ "type": "text"
+ },
+ "placeholder": {
+ "type": "text"
+ },
+ "searchable": {
+ "type": "boolean"
+ },
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "created": {
+ "type": "date"
+ },
+ "createdBy": {
+ "type": "text"
+ },
+ "dataProviders": {
+ "properties": {
+ "and": {
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "excluded": {
+ "type": "boolean"
+ },
+ "id": {
+ "type": "keyword"
+ },
+ "kqlQuery": {
+ "type": "text"
+ },
+ "name": {
+ "type": "text"
+ },
+ "queryMatch": {
+ "properties": {
+ "displayField": {
+ "type": "text"
+ },
+ "displayValue": {
+ "type": "text"
+ },
+ "field": {
+ "type": "text"
+ },
+ "operator": {
+ "type": "text"
+ },
+ "value": {
+ "type": "text"
+ }
+ }
+ },
+ "type": {
+ "type": "text"
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "excluded": {
+ "type": "boolean"
+ },
+ "id": {
+ "type": "keyword"
+ },
+ "kqlQuery": {
+ "type": "text"
+ },
+ "name": {
+ "type": "text"
+ },
+ "queryMatch": {
+ "properties": {
+ "displayField": {
+ "type": "text"
+ },
+ "displayValue": {
+ "type": "text"
+ },
+ "field": {
+ "type": "text"
+ },
+ "operator": {
+ "type": "text"
+ },
+ "value": {
+ "type": "text"
+ }
+ }
+ },
+ "type": {
+ "type": "text"
+ }
+ }
+ },
+ "dateRange": {
+ "properties": {
+ "end": {
+ "type": "date"
+ },
+ "start": {
+ "type": "date"
+ }
+ }
+ },
+ "description": {
+ "type": "text"
+ },
+ "eventType": {
+ "type": "keyword"
+ },
+ "excludedRowRendererIds": {
+ "type": "text"
+ },
+ "favorite": {
+ "properties": {
+ "favoriteDate": {
+ "type": "date"
+ },
+ "fullName": {
+ "type": "text"
+ },
+ "keySearch": {
+ "type": "text"
+ },
+ "userName": {
+ "type": "text"
+ }
+ }
+ },
+ "filters": {
+ "properties": {
+ "exists": {
+ "type": "text"
+ },
+ "match_all": {
+ "type": "text"
+ },
+ "meta": {
+ "properties": {
+ "alias": {
+ "type": "text"
+ },
+ "controlledBy": {
+ "type": "text"
+ },
+ "disabled": {
+ "type": "boolean"
+ },
+ "field": {
+ "type": "text"
+ },
+ "formattedValue": {
+ "type": "text"
+ },
+ "index": {
+ "type": "keyword"
+ },
+ "key": {
+ "type": "keyword"
+ },
+ "negate": {
+ "type": "boolean"
+ },
+ "params": {
+ "type": "text"
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "value": {
+ "type": "text"
+ }
+ }
+ },
+ "missing": {
+ "type": "text"
+ },
+ "query": {
+ "type": "text"
+ },
+ "range": {
+ "type": "text"
+ },
+ "script": {
+ "type": "text"
+ }
+ }
+ },
+ "indexNames": {
+ "type": "text"
+ },
+ "kqlMode": {
+ "type": "keyword"
+ },
+ "kqlQuery": {
+ "properties": {
+ "filterQuery": {
+ "properties": {
+ "kuery": {
+ "properties": {
+ "expression": {
+ "type": "text"
+ },
+ "kind": {
+ "type": "keyword"
+ }
+ }
+ },
+ "serializedQuery": {
+ "type": "text"
+ }
+ }
+ }
+ }
+ },
+ "savedQueryId": {
+ "type": "keyword"
+ },
+ "sort": {
+ "properties": {
+ "columnId": {
+ "type": "keyword"
+ },
+ "sortDirection": {
+ "type": "keyword"
+ }
+ }
+ },
+ "status": {
+ "type": "keyword"
+ },
+ "templateTimelineId": {
+ "type": "text"
+ },
+ "templateTimelineVersion": {
+ "type": "integer"
+ },
+ "timelineType": {
+ "type": "keyword"
+ },
+ "title": {
+ "type": "text"
+ },
+ "updated": {
+ "type": "date"
+ },
+ "updatedBy": {
+ "type": "text"
+ }
+ }
+ },
+ "siem-ui-timeline-note": {
+ "properties": {
+ "created": {
+ "type": "date"
+ },
+ "createdBy": {
+ "type": "text"
+ },
+ "eventId": {
+ "type": "keyword"
+ },
+ "note": {
+ "type": "text"
+ },
+ "timelineId": {
+ "type": "keyword"
+ },
+ "updated": {
+ "type": "date"
+ },
+ "updatedBy": {
+ "type": "text"
+ }
+ }
+ },
+ "siem-ui-timeline-pinned-event": {
+ "properties": {
+ "created": {
+ "type": "date"
+ },
+ "createdBy": {
+ "type": "text"
+ },
+ "eventId": {
+ "type": "keyword"
+ },
+ "timelineId": {
+ "type": "keyword"
+ },
+ "updated": {
+ "type": "date"
+ },
+ "updatedBy": {
+ "type": "text"
+ }
+ }
+ },
+ "space": {
+ "properties": {
+ "_reserved": {
+ "type": "boolean"
+ },
+ "color": {
+ "type": "keyword"
+ },
+ "description": {
+ "type": "text"
+ },
+ "disabledFeatures": {
+ "type": "keyword"
+ },
+ "imageUrl": {
+ "index": false,
+ "type": "text"
+ },
+ "initials": {
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 2048,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ }
+ }
+ },
+ "spaces-usage-stats": {
+ "dynamic": "false",
+ "type": "object"
+ },
+ "tag": {
+ "properties": {
+ "color": {
+ "type": "text"
+ },
+ "description": {
+ "type": "text"
+ },
+ "name": {
+ "type": "text"
+ }
+ }
+ },
+ "telemetry": {
+ "properties": {
+ "allowChangingOptInStatus": {
+ "type": "boolean"
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "lastReported": {
+ "type": "date"
+ },
+ "lastVersionChecked": {
+ "type": "keyword"
+ },
+ "reportFailureCount": {
+ "type": "integer"
+ },
+ "reportFailureVersion": {
+ "type": "keyword"
+ },
+ "sendUsageFrom": {
+ "type": "keyword"
+ },
+ "userHasSeenNotice": {
+ "type": "boolean"
+ }
+ }
+ },
+ "timelion-sheet": {
+ "properties": {
+ "description": {
+ "type": "text"
+ },
+ "hits": {
+ "type": "integer"
+ },
+ "kibanaSavedObjectMeta": {
+ "properties": {
+ "searchSourceJSON": {
+ "type": "text"
+ }
+ }
+ },
+ "timelion_chart_height": {
+ "type": "integer"
+ },
+ "timelion_columns": {
+ "type": "integer"
+ },
+ "timelion_interval": {
+ "type": "keyword"
+ },
+ "timelion_other_interval": {
+ "type": "keyword"
+ },
+ "timelion_rows": {
+ "type": "integer"
+ },
+ "timelion_sheet": {
+ "type": "text"
+ },
+ "title": {
+ "type": "text"
+ },
+ "version": {
+ "type": "integer"
+ }
+ }
+ },
+ "tsvb-validation-telemetry": {
+ "properties": {
+ "failedRequests": {
+ "type": "long"
+ }
+ }
+ },
+ "type": {
+ "type": "keyword"
+ },
+ "ui-metric": {
+ "properties": {
+ "count": {
+ "type": "integer"
+ }
+ }
+ },
+ "updated_at": {
+ "type": "date"
+ },
+ "upgrade-assistant-reindex-operation": {
+ "properties": {
+ "errorMessage": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "indexName": {
+ "type": "keyword"
+ },
+ "lastCompletedStep": {
+ "type": "long"
+ },
+ "locked": {
+ "type": "date"
+ },
+ "newIndexName": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "reindexOptions": {
+ "properties": {
+ "openAndClose": {
+ "type": "boolean"
+ },
+ "queueSettings": {
+ "properties": {
+ "queuedAt": {
+ "type": "long"
+ },
+ "startedAt": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "reindexTaskId": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 256,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ },
+ "reindexTaskPercComplete": {
+ "type": "float"
+ },
+ "runningReindexCount": {
+ "type": "integer"
+ },
+ "status": {
+ "type": "integer"
+ }
+ }
+ },
+ "upgrade-assistant-telemetry": {
+ "properties": {
+ "features": {
+ "properties": {
+ "deprecation_logging": {
+ "properties": {
+ "enabled": {
+ "null_value": true,
+ "type": "boolean"
+ }
+ }
+ }
+ }
+ },
+ "ui_open": {
+ "properties": {
+ "cluster": {
+ "null_value": 0,
+ "type": "long"
+ },
+ "indices": {
+ "null_value": 0,
+ "type": "long"
+ },
+ "overview": {
+ "null_value": 0,
+ "type": "long"
+ }
+ }
+ },
+ "ui_reindex": {
+ "properties": {
+ "close": {
+ "null_value": 0,
+ "type": "long"
+ },
+ "open": {
+ "null_value": 0,
+ "type": "long"
+ },
+ "start": {
+ "null_value": 0,
+ "type": "long"
+ },
+ "stop": {
+ "null_value": 0,
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "uptime-dynamic-settings": {
+ "dynamic": "false",
+ "type": "object"
+ },
+ "url": {
+ "properties": {
+ "accessCount": {
+ "type": "long"
+ },
+ "accessDate": {
+ "type": "date"
+ },
+ "createDate": {
+ "type": "date"
+ },
+ "url": {
+ "fields": {
+ "keyword": {
+ "ignore_above": 2048,
+ "type": "keyword"
+ }
+ },
+ "type": "text"
+ }
+ }
+ },
+ "visualization": {
+ "properties": {
+ "description": {
+ "type": "text"
+ },
+ "kibanaSavedObjectMeta": {
+ "properties": {
+ "searchSourceJSON": {
+ "index": false,
+ "type": "text"
+ }
+ }
+ },
+ "savedSearchRefName": {
+ "doc_values": false,
+ "index": false,
+ "type": "keyword"
+ },
+ "title": {
+ "type": "text"
+ },
+ "uiStateJSON": {
+ "index": false,
+ "type": "text"
+ },
+ "version": {
+ "type": "integer"
+ },
+ "visState": {
+ "index": false,
+ "type": "text"
+ }
+ }
+ },
+ "workplace_search_telemetry": {
+ "dynamic": "false",
+ "type": "object"
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "auto_expand_replicas": "0-1",
+ "number_of_replicas": "1",
+ "number_of_shards": "1"
+ }
+ }
+ }
+}
+
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ ".ml-anomalies-.write-apm-environment_not_defined-5626-high_mean_transaction_duration": {
+ "is_hidden": true
+ },
+ ".ml-anomalies-.write-apm-production-1369-high_mean_transaction_duration": {
+ "is_hidden": true
+ },
+ ".ml-anomalies-.write-apm-production-d92e-high_mean_transaction_duration": {
+ "is_hidden": true
+ },
+ ".ml-anomalies-.write-apm-testing-384f-high_mean_transaction_duration": {
+ "is_hidden": true
+ },
+ ".ml-anomalies-.write-kibana-logs-ui-default-default-log-entry-rate": {
+ "is_hidden": true
+ },
+ ".ml-anomalies-.write-kibana-metrics-ui-default-default-hosts_memory_usage": {
+ "is_hidden": true
+ },
+ ".ml-anomalies-.write-kibana-metrics-ui-default-default-hosts_network_in": {
+ "is_hidden": true
+ },
+ ".ml-anomalies-.write-kibana-metrics-ui-default-default-hosts_network_out": {
+ "is_hidden": true
+ },
+ ".ml-anomalies-.write-kibana-metrics-ui-kate-demo-default-hosts_memory_usage": {
+ "is_hidden": true
+ },
+ ".ml-anomalies-.write-kibana-metrics-ui-kate-demo-default-hosts_network_in": {
+ "is_hidden": true
+ },
+ ".ml-anomalies-.write-kibana-metrics-ui-kate-demo-default-hosts_network_out": {
+ "is_hidden": true
+ },
+ ".ml-anomalies-apm-environment_not_defined-5626-high_mean_transaction_duration": {
+ "filter": {
+ "term": {
+ "job_id": {
+ "boost": 1,
+ "value": "apm-environment_not_defined-5626-high_mean_transaction_duration"
+ }
+ }
+ },
+ "is_hidden": true
+ },
+ ".ml-anomalies-apm-production-1369-high_mean_transaction_duration": {
+ "filter": {
+ "term": {
+ "job_id": {
+ "boost": 1,
+ "value": "apm-production-1369-high_mean_transaction_duration"
+ }
+ }
+ },
+ "is_hidden": true
+ },
+ ".ml-anomalies-apm-production-d92e-high_mean_transaction_duration": {
+ "filter": {
+ "term": {
+ "job_id": {
+ "boost": 1,
+ "value": "apm-production-d92e-high_mean_transaction_duration"
+ }
+ }
+ },
+ "is_hidden": true
+ },
+ ".ml-anomalies-apm-testing-384f-high_mean_transaction_duration": {
+ "filter": {
+ "term": {
+ "job_id": {
+ "boost": 1,
+ "value": "apm-testing-384f-high_mean_transaction_duration"
+ }
+ }
+ },
+ "is_hidden": true
+ },
+ ".ml-anomalies-kibana-logs-ui-default-default-log-entry-rate": {
+ "filter": {
+ "term": {
+ "job_id": {
+ "boost": 1,
+ "value": "kibana-logs-ui-default-default-log-entry-rate"
+ }
+ }
+ },
+ "is_hidden": true
+ },
+ ".ml-anomalies-kibana-metrics-ui-default-default-hosts_memory_usage": {
+ "filter": {
+ "term": {
+ "job_id": {
+ "boost": 1,
+ "value": "kibana-metrics-ui-default-default-hosts_memory_usage"
+ }
+ }
+ },
+ "is_hidden": true
+ },
+ ".ml-anomalies-kibana-metrics-ui-default-default-hosts_network_in": {
+ "filter": {
+ "term": {
+ "job_id": {
+ "boost": 1,
+ "value": "kibana-metrics-ui-default-default-hosts_network_in"
+ }
+ }
+ },
+ "is_hidden": true
+ },
+ ".ml-anomalies-kibana-metrics-ui-default-default-hosts_network_out": {
+ "filter": {
+ "term": {
+ "job_id": {
+ "boost": 1,
+ "value": "kibana-metrics-ui-default-default-hosts_network_out"
+ }
+ }
+ },
+ "is_hidden": true
+ },
+ ".ml-anomalies-kibana-metrics-ui-kate-demo-default-hosts_memory_usage": {
+ "filter": {
+ "term": {
+ "job_id": {
+ "boost": 1,
+ "value": "kibana-metrics-ui-kate-demo-default-hosts_memory_usage"
+ }
+ }
+ },
+ "is_hidden": true
+ },
+ ".ml-anomalies-kibana-metrics-ui-kate-demo-default-hosts_network_in": {
+ "filter": {
+ "term": {
+ "job_id": {
+ "boost": 1,
+ "value": "kibana-metrics-ui-kate-demo-default-hosts_network_in"
+ }
+ }
+ },
+ "is_hidden": true
+ },
+ ".ml-anomalies-kibana-metrics-ui-kate-demo-default-hosts_network_out": {
+ "filter": {
+ "term": {
+ "job_id": {
+ "boost": 1,
+ "value": "kibana-metrics-ui-kate-demo-default-hosts_network_out"
+ }
+ }
+ },
+ "is_hidden": true
+ }
+ },
+ "index": ".ml-anomalies-shared",
+ "mappings": {
+ "_meta": {
+ "version": "8.0.0"
+ },
+ "dynamic_templates": [
+ {
+ "strings_as_keywords": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match": "*"
+ }
+ }
+ ],
+ "properties": {
+ "actual": {
+ "type": "double"
+ },
+ "all_field_values": {
+ "analyzer": "whitespace",
+ "type": "text"
+ },
+ "anomaly_score": {
+ "type": "double"
+ },
+ "average_bucket_processing_time_ms": {
+ "type": "double"
+ },
+ "bucket_allocation_failures_count": {
+ "type": "long"
+ },
+ "bucket_count": {
+ "type": "long"
+ },
+ "bucket_influencers": {
+ "properties": {
+ "anomaly_score": {
+ "type": "double"
+ },
+ "bucket_span": {
+ "type": "long"
+ },
+ "influencer_field_name": {
+ "type": "keyword"
+ },
+ "initial_anomaly_score": {
+ "type": "double"
+ },
+ "is_interim": {
+ "type": "boolean"
+ },
+ "job_id": {
+ "type": "keyword"
+ },
+ "probability": {
+ "type": "double"
+ },
+ "raw_anomaly_score": {
+ "type": "double"
+ },
+ "result_type": {
+ "type": "keyword"
+ },
+ "timestamp": {
+ "type": "date"
+ }
+ },
+ "type": "nested"
+ },
+ "bucket_span": {
+ "type": "long"
+ },
+ "by_field_name": {
+ "type": "keyword"
+ },
+ "by_field_value": {
+ "copy_to": [
+ "all_field_values"
+ ],
+ "type": "keyword"
+ },
+ "categorization_status": {
+ "type": "keyword"
+ },
+ "categorized_doc_count": {
+ "type": "keyword"
+ },
+ "category_id": {
+ "type": "long"
+ },
+ "causes": {
+ "properties": {
+ "actual": {
+ "type": "double"
+ },
+ "by_field_name": {
+ "type": "keyword"
+ },
+ "by_field_value": {
+ "copy_to": [
+ "all_field_values"
+ ],
+ "type": "keyword"
+ },
+ "correlated_by_field_value": {
+ "copy_to": [
+ "all_field_values"
+ ],
+ "type": "keyword"
+ },
+ "field_name": {
+ "type": "keyword"
+ },
+ "function": {
+ "type": "keyword"
+ },
+ "function_description": {
+ "type": "keyword"
+ },
+ "geo_results": {
+ "properties": {
+ "actual_point": {
+ "type": "geo_point"
+ },
+ "typical_point": {
+ "type": "geo_point"
+ }
+ }
+ },
+ "over_field_name": {
+ "type": "keyword"
+ },
+ "over_field_value": {
+ "copy_to": [
+ "all_field_values"
+ ],
+ "type": "keyword"
+ },
+ "partition_field_name": {
+ "type": "keyword"
+ },
+ "partition_field_value": {
+ "copy_to": [
+ "all_field_values"
+ ],
+ "type": "keyword"
+ },
+ "probability": {
+ "type": "double"
+ },
+ "typical": {
+ "type": "double"
+ }
+ },
+ "type": "nested"
+ },
+ "dead_category_count": {
+ "type": "keyword"
+ },
+ "description": {
+ "type": "text"
+ },
+ "detector_index": {
+ "type": "integer"
+ },
+ "earliest_record_timestamp": {
+ "type": "date"
+ },
+ "empty_bucket_count": {
+ "type": "long"
+ },
+ "event": {
+ "properties": {
+ "dataset": {
+ "type": "keyword"
+ }
+ }
+ },
+ "event_count": {
+ "type": "long"
+ },
+ "examples": {
+ "type": "text"
+ },
+ "exponential_average_bucket_processing_time_ms": {
+ "type": "double"
+ },
+ "exponential_average_calculation_context": {
+ "properties": {
+ "incremental_metric_value_ms": {
+ "type": "double"
+ },
+ "latest_timestamp": {
+ "type": "date"
+ },
+ "previous_exponential_average_ms": {
+ "type": "double"
+ }
+ }
+ },
+ "failed_category_count": {
+ "type": "keyword"
+ },
+ "field_name": {
+ "type": "keyword"
+ },
+ "forecast_create_timestamp": {
+ "type": "date"
+ },
+ "forecast_end_timestamp": {
+ "type": "date"
+ },
+ "forecast_expiry_timestamp": {
+ "type": "date"
+ },
+ "forecast_id": {
+ "type": "keyword"
+ },
+ "forecast_lower": {
+ "type": "double"
+ },
+ "forecast_memory_bytes": {
+ "type": "long"
+ },
+ "forecast_messages": {
+ "type": "keyword"
+ },
+ "forecast_prediction": {
+ "type": "double"
+ },
+ "forecast_progress": {
+ "type": "double"
+ },
+ "forecast_start_timestamp": {
+ "type": "date"
+ },
+ "forecast_status": {
+ "type": "keyword"
+ },
+ "forecast_upper": {
+ "type": "double"
+ },
+ "frequent_category_count": {
+ "type": "keyword"
+ },
+ "function": {
+ "type": "keyword"
+ },
+ "function_description": {
+ "type": "keyword"
+ },
+ "geo_results": {
+ "properties": {
+ "actual_point": {
+ "type": "geo_point"
+ },
+ "typical_point": {
+ "type": "geo_point"
+ }
+ }
+ },
+ "host": {
+ "properties": {
+ "name": {
+ "type": "keyword"
+ }
+ }
+ },
+ "influencer_field_name": {
+ "type": "keyword"
+ },
+ "influencer_field_value": {
+ "copy_to": [
+ "all_field_values"
+ ],
+ "type": "keyword"
+ },
+ "influencer_score": {
+ "type": "double"
+ },
+ "influencers": {
+ "properties": {
+ "influencer_field_name": {
+ "type": "keyword"
+ },
+ "influencer_field_values": {
+ "copy_to": [
+ "all_field_values"
+ ],
+ "type": "keyword"
+ }
+ },
+ "type": "nested"
+ },
+ "initial_anomaly_score": {
+ "type": "double"
+ },
+ "initial_influencer_score": {
+ "type": "double"
+ },
+ "initial_record_score": {
+ "type": "double"
+ },
+ "input_bytes": {
+ "type": "long"
+ },
+ "input_field_count": {
+ "type": "long"
+ },
+ "input_record_count": {
+ "type": "long"
+ },
+ "invalid_date_count": {
+ "type": "long"
+ },
+ "is_interim": {
+ "type": "boolean"
+ },
+ "job_id": {
+ "copy_to": [
+ "all_field_values"
+ ],
+ "type": "keyword"
+ },
+ "last_data_time": {
+ "type": "date"
+ },
+ "latest_empty_bucket_timestamp": {
+ "type": "date"
+ },
+ "latest_record_time_stamp": {
+ "type": "date"
+ },
+ "latest_record_timestamp": {
+ "type": "date"
+ },
+ "latest_result_time_stamp": {
+ "type": "date"
+ },
+ "latest_sparse_bucket_timestamp": {
+ "type": "date"
+ },
+ "log_time": {
+ "type": "date"
+ },
+ "max_matching_length": {
+ "type": "long"
+ },
+ "maximum_bucket_processing_time_ms": {
+ "type": "double"
+ },
+ "memory_status": {
+ "type": "keyword"
+ },
+ "min_version": {
+ "type": "keyword"
+ },
+ "minimum_bucket_processing_time_ms": {
+ "type": "double"
+ },
+ "missing_field_count": {
+ "type": "long"
+ },
+ "mlcategory": {
+ "type": "keyword"
+ },
+ "model_bytes": {
+ "type": "long"
+ },
+ "model_bytes_exceeded": {
+ "type": "keyword"
+ },
+ "model_bytes_memory_limit": {
+ "type": "keyword"
+ },
+ "model_feature": {
+ "type": "keyword"
+ },
+ "model_lower": {
+ "type": "double"
+ },
+ "model_median": {
+ "type": "double"
+ },
+ "model_size_stats": {
+ "properties": {
+ "bucket_allocation_failures_count": {
+ "type": "long"
+ },
+ "categorization_status": {
+ "type": "keyword"
+ },
+ "categorized_doc_count": {
+ "type": "keyword"
+ },
+ "dead_category_count": {
+ "type": "keyword"
+ },
+ "failed_category_count": {
+ "type": "keyword"
+ },
+ "frequent_category_count": {
+ "type": "keyword"
+ },
+ "job_id": {
+ "type": "keyword"
+ },
+ "log_time": {
+ "type": "date"
+ },
+ "memory_status": {
+ "type": "keyword"
+ },
+ "model_bytes": {
+ "type": "long"
+ },
+ "model_bytes_exceeded": {
+ "type": "keyword"
+ },
+ "model_bytes_memory_limit": {
+ "type": "keyword"
+ },
+ "peak_model_bytes": {
+ "type": "long"
+ },
+ "rare_category_count": {
+ "type": "keyword"
+ },
+ "result_type": {
+ "type": "keyword"
+ },
+ "timestamp": {
+ "type": "date"
+ },
+ "total_by_field_count": {
+ "type": "long"
+ },
+ "total_category_count": {
+ "type": "keyword"
+ },
+ "total_over_field_count": {
+ "type": "long"
+ },
+ "total_partition_field_count": {
+ "type": "long"
+ }
+ }
+ },
+ "model_upper": {
+ "type": "double"
+ },
+ "multi_bucket_impact": {
+ "type": "double"
+ },
+ "num_matches": {
+ "type": "long"
+ },
+ "out_of_order_timestamp_count": {
+ "type": "long"
+ },
+ "over_field_name": {
+ "type": "keyword"
+ },
+ "over_field_value": {
+ "copy_to": [
+ "all_field_values"
+ ],
+ "type": "keyword"
+ },
+ "partition_field_name": {
+ "type": "keyword"
+ },
+ "partition_field_value": {
+ "copy_to": [
+ "all_field_values"
+ ],
+ "type": "keyword"
+ },
+ "peak_model_bytes": {
+ "type": "keyword"
+ },
+ "preferred_to_categories": {
+ "type": "long"
+ },
+ "probability": {
+ "type": "double"
+ },
+ "processed_field_count": {
+ "type": "long"
+ },
+ "processed_record_count": {
+ "type": "long"
+ },
+ "processing_time_ms": {
+ "type": "long"
+ },
+ "quantiles": {
+ "enabled": false,
+ "type": "object"
+ },
+ "rare_category_count": {
+ "type": "keyword"
+ },
+ "raw_anomaly_score": {
+ "type": "double"
+ },
+ "record_score": {
+ "type": "double"
+ },
+ "regex": {
+ "type": "keyword"
+ },
+ "result_type": {
+ "type": "keyword"
+ },
+ "retain": {
+ "type": "boolean"
+ },
+ "scheduled_events": {
+ "type": "keyword"
+ },
+ "search_count": {
+ "type": "long"
+ },
+ "service": {
+ "properties": {
+ "name": {
+ "type": "keyword"
+ }
+ }
+ },
+ "snapshot_doc_count": {
+ "type": "integer"
+ },
+ "snapshot_id": {
+ "type": "keyword"
+ },
+ "sparse_bucket_count": {
+ "type": "long"
+ },
+ "terms": {
+ "type": "text"
+ },
+ "timestamp": {
+ "type": "date"
+ },
+ "total_by_field_count": {
+ "type": "long"
+ },
+ "total_category_count": {
+ "type": "keyword"
+ },
+ "total_over_field_count": {
+ "type": "long"
+ },
+ "total_partition_field_count": {
+ "type": "long"
+ },
+ "total_search_time_ms": {
+ "type": "double"
+ },
+ "transaction": {
+ "properties": {
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "typical": {
+ "type": "double"
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "auto_expand_replicas": "0-1",
+ "hidden": "true",
+ "number_of_replicas": "1",
+ "number_of_shards": "1",
+ "translog": {
+ "durability": "async"
+ }
+ }
+ }
+ }
+}
+
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ },
+ "index": ".ml-config",
+ "mappings": {
+ "_meta": {
+ "version": "8.0.0"
+ },
+ "dynamic_templates": [
+ {
+ "strings_as_keywords": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match": "*"
+ }
+ }
+ ],
+ "properties": {
+ "aggregations": {
+ "enabled": false,
+ "type": "object"
+ },
+ "allow_lazy_open": {
+ "type": "keyword"
+ },
+ "analysis": {
+ "properties": {
+ "classification": {
+ "properties": {
+ "class_assignment_objective": {
+ "type": "keyword"
+ },
+ "dependent_variable": {
+ "type": "keyword"
+ },
+ "eta": {
+ "type": "double"
+ },
+ "feature_bag_fraction": {
+ "type": "double"
+ },
+ "feature_processors": {
+ "enabled": false,
+ "type": "object"
+ },
+ "gamma": {
+ "type": "double"
+ },
+ "lambda": {
+ "type": "double"
+ },
+ "max_trees": {
+ "type": "integer"
+ },
+ "num_top_classes": {
+ "type": "integer"
+ },
+ "num_top_feature_importance_values": {
+ "type": "integer"
+ },
+ "prediction_field_name": {
+ "type": "keyword"
+ },
+ "training_percent": {
+ "type": "double"
+ }
+ }
+ },
+ "outlier_detection": {
+ "properties": {
+ "feature_influence_threshold": {
+ "type": "double"
+ },
+ "method": {
+ "type": "keyword"
+ },
+ "n_neighbors": {
+ "type": "integer"
+ }
+ }
+ },
+ "regression": {
+ "properties": {
+ "dependent_variable": {
+ "type": "keyword"
+ },
+ "eta": {
+ "type": "double"
+ },
+ "feature_bag_fraction": {
+ "type": "double"
+ },
+ "feature_processors": {
+ "enabled": false,
+ "type": "object"
+ },
+ "gamma": {
+ "type": "double"
+ },
+ "lambda": {
+ "type": "double"
+ },
+ "loss_function": {
+ "type": "keyword"
+ },
+ "loss_function_parameter": {
+ "type": "double"
+ },
+ "max_trees": {
+ "type": "integer"
+ },
+ "num_top_feature_importance_values": {
+ "type": "integer"
+ },
+ "prediction_field_name": {
+ "type": "keyword"
+ },
+ "training_percent": {
+ "type": "double"
+ }
+ }
+ }
+ }
+ },
+ "analysis_config": {
+ "properties": {
+ "bucket_span": {
+ "type": "keyword"
+ },
+ "categorization_analyzer": {
+ "enabled": false,
+ "type": "object"
+ },
+ "categorization_field_name": {
+ "type": "keyword"
+ },
+ "categorization_filters": {
+ "type": "keyword"
+ },
+ "detectors": {
+ "properties": {
+ "by_field_name": {
+ "type": "keyword"
+ },
+ "custom_rules": {
+ "properties": {
+ "actions": {
+ "type": "keyword"
+ },
+ "conditions": {
+ "properties": {
+ "applies_to": {
+ "type": "keyword"
+ },
+ "operator": {
+ "type": "keyword"
+ },
+ "value": {
+ "type": "double"
+ }
+ },
+ "type": "nested"
+ },
+ "scope": {
+ "enabled": false,
+ "type": "object"
+ }
+ },
+ "type": "nested"
+ },
+ "detector_description": {
+ "type": "text"
+ },
+ "detector_index": {
+ "type": "integer"
+ },
+ "exclude_frequent": {
+ "type": "keyword"
+ },
+ "field_name": {
+ "type": "keyword"
+ },
+ "function": {
+ "type": "keyword"
+ },
+ "over_field_name": {
+ "type": "keyword"
+ },
+ "partition_field_name": {
+ "type": "keyword"
+ },
+ "use_null": {
+ "type": "boolean"
+ }
+ }
+ },
+ "influencers": {
+ "type": "keyword"
+ },
+ "latency": {
+ "type": "keyword"
+ },
+ "multivariate_by_fields": {
+ "type": "boolean"
+ },
+ "per_partition_categorization": {
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "stop_on_warn": {
+ "type": "boolean"
+ }
+ }
+ },
+ "summary_count_field_name": {
+ "type": "keyword"
+ }
+ }
+ },
+ "analysis_limits": {
+ "properties": {
+ "categorization_examples_limit": {
+ "type": "long"
+ },
+ "model_memory_limit": {
+ "type": "keyword"
+ }
+ }
+ },
+ "analyzed_fields": {
+ "enabled": false,
+ "type": "object"
+ },
+ "background_persist_interval": {
+ "type": "keyword"
+ },
+ "chunking_config": {
+ "properties": {
+ "mode": {
+ "type": "keyword"
+ },
+ "time_span": {
+ "type": "keyword"
+ }
+ }
+ },
+ "config_type": {
+ "type": "keyword"
+ },
+ "create_time": {
+ "type": "date"
+ },
+ "custom_settings": {
+ "enabled": false,
+ "type": "object"
+ },
+ "daily_model_snapshot_retention_after_days": {
+ "type": "long"
+ },
+ "data_description": {
+ "properties": {
+ "field_delimiter": {
+ "type": "keyword"
+ },
+ "format": {
+ "type": "keyword"
+ },
+ "quote_character": {
+ "type": "keyword"
+ },
+ "time_field": {
+ "type": "keyword"
+ },
+ "time_format": {
+ "type": "keyword"
+ }
+ }
+ },
+ "datafeed_id": {
+ "type": "keyword"
+ },
+ "delayed_data_check_config": {
+ "properties": {
+ "check_window": {
+ "type": "keyword"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "deleting": {
+ "type": "keyword"
+ },
+ "description": {
+ "type": "text"
+ },
+ "dest": {
+ "properties": {
+ "index": {
+ "type": "keyword"
+ },
+ "results_field": {
+ "type": "keyword"
+ }
+ }
+ },
+ "finished_time": {
+ "type": "date"
+ },
+ "frequency": {
+ "type": "keyword"
+ },
+ "groups": {
+ "type": "keyword"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "id": {
+ "type": "keyword"
+ },
+ "indices": {
+ "type": "keyword"
+ },
+ "indices_options": {
+ "enabled": false,
+ "type": "object"
+ },
+ "job_id": {
+ "type": "keyword"
+ },
+ "job_type": {
+ "type": "keyword"
+ },
+ "job_version": {
+ "type": "keyword"
+ },
+ "max_num_threads": {
+ "type": "integer"
+ },
+ "model_memory_limit": {
+ "type": "keyword"
+ },
+ "model_plot_config": {
+ "properties": {
+ "annotations_enabled": {
+ "type": "boolean"
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "terms": {
+ "type": "keyword"
+ }
+ }
+ },
+ "model_snapshot_id": {
+ "type": "keyword"
+ },
+ "model_snapshot_min_version": {
+ "type": "keyword"
+ },
+ "model_snapshot_retention_days": {
+ "type": "long"
+ },
+ "query": {
+ "enabled": false,
+ "type": "object"
+ },
+ "query_delay": {
+ "type": "keyword"
+ },
+ "renormalization_window_days": {
+ "type": "long"
+ },
+ "results_index_name": {
+ "type": "keyword"
+ },
+ "results_retention_days": {
+ "type": "long"
+ },
+ "script_fields": {
+ "enabled": false,
+ "type": "object"
+ },
+ "scroll_size": {
+ "type": "long"
+ },
+ "source": {
+ "properties": {
+ "_source": {
+ "enabled": false,
+ "type": "object"
+ },
+ "index": {
+ "type": "keyword"
+ },
+ "query": {
+ "enabled": false,
+ "type": "object"
+ }
+ }
+ },
+ "version": {
+ "type": "keyword"
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "auto_expand_replicas": "0-1",
+ "max_result_window": "10000",
+ "number_of_replicas": "1",
+ "number_of_shards": "1"
+ }
+ }
+ }
+}
+
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ "apm-8.0.0-error": {
+ "is_write_index": true
+ }
+ },
+ "index": "apm-8.0.0-error-2020.12.03-000001",
+ "mappings": {
+ "_meta": {
+ "beat": "apm",
+ "version": "8.0.0"
+ },
+ "date_detection": false,
+ "dynamic_templates": [
+ {
+ "labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "container.labels.*"
+ }
+ },
+ {
+ "fields": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "fields.*"
+ }
+ },
+ {
+ "docker.container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "docker.container.labels.*"
+ }
+ },
+ {
+ "kubernetes.labels.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.labels.*"
+ }
+ },
+ {
+ "kubernetes.annotations.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.annotations.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "transaction.marks": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "transaction.marks.*"
+ }
+ },
+ {
+ "transaction.marks.*.*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "transaction.marks.*.*"
+ }
+ },
+ {
+ "strings_as_keyword": {
+ "mapping": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "match_mapping_type": "string"
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "agent": {
+ "dynamic": "false",
+ "properties": {
+ "build": {
+ "properties": {
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hostname": {
+ "path": "agent.name",
+ "type": "alias"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "child": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "client": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cloud": {
+ "properties": {
+ "account": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "availability_zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "instance": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "machine": {
+ "dynamic": "false",
+ "properties": {
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "project": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "container": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tag": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "type": "object"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "runtime": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "destination": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dll": {
+ "properties": {
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dns": {
+ "properties": {
+ "answers": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "data": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ttl": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "header_flags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "op_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "question": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subdomain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "resolved_ip": {
+ "type": "ip"
+ },
+ "response_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "docker": {
+ "properties": {
+ "container": {
+ "properties": {
+ "labels": {
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "ecs": {
+ "properties": {
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "error": {
+ "dynamic": "false",
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "culprit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exception": {
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "handled": {
+ "type": "boolean"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "grouping_key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "param_message": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "stack_trace": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "index": false,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "event": {
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "created": {
+ "type": "date"
+ },
+ "dataset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "duration": {
+ "type": "long"
+ },
+ "end": {
+ "type": "date"
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingested": {
+ "type": "date"
+ },
+ "kind": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "ignore_above": 1024,
+ "index": false,
+ "type": "keyword"
+ },
+ "outcome": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reason": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "risk_score": {
+ "type": "float"
+ },
+ "risk_score_norm": {
+ "type": "float"
+ },
+ "sequence": {
+ "type": "long"
+ },
+ "severity": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "timezone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "url": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "experimental": {
+ "dynamic": "true",
+ "type": "object"
+ },
+ "fields": {
+ "type": "object"
+ },
+ "file": {
+ "properties": {
+ "accessed": {
+ "type": "date"
+ },
+ "attributes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "created": {
+ "type": "date"
+ },
+ "ctime": {
+ "type": "date"
+ },
+ "device": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "directory": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "drive_letter": {
+ "ignore_above": 1,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "gid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "inode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mime_type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mtime": {
+ "type": "date"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "owner": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ },
+ "target_path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "host": {
+ "dynamic": "false",
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "containerized": {
+ "type": "boolean"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "build": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "codename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "http": {
+ "dynamic": "false",
+ "properties": {
+ "request": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "method": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "referrer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "response": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "finished": {
+ "type": "boolean"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "status_code": {
+ "type": "long"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "kubernetes": {
+ "dynamic": "false",
+ "properties": {
+ "annotations": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "container": {
+ "properties": {
+ "image": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "deployment": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "namespace": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pod": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "replicaset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "statefulset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "labels": {
+ "dynamic": "true",
+ "properties": {
+ "city": {
+ "type": "keyword"
+ },
+ "company": {
+ "type": "keyword"
+ },
+ "country_code": {
+ "type": "keyword"
+ },
+ "customer_tier": {
+ "type": "keyword"
+ },
+ "git_rev": {
+ "type": "keyword"
+ },
+ "in_eu": {
+ "type": "boolean"
+ },
+ "ip": {
+ "type": "keyword"
+ },
+ "lang": {
+ "type": "keyword"
+ },
+ "request_id": {
+ "type": "keyword"
+ },
+ "u": {
+ "type": "keyword"
+ }
+ }
+ },
+ "log": {
+ "properties": {
+ "file": {
+ "properties": {
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "origin": {
+ "properties": {
+ "file": {
+ "properties": {
+ "line": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "original": {
+ "ignore_above": 1024,
+ "index": false,
+ "type": "keyword"
+ },
+ "syslog": {
+ "properties": {
+ "facility": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "priority": {
+ "type": "long"
+ },
+ "severity": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "metricset": {
+ "properties": {
+ "period": {
+ "type": "long"
+ }
+ }
+ },
+ "network": {
+ "properties": {
+ "application": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "community_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "direction": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "forwarded_ip": {
+ "type": "ip"
+ },
+ "iana_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inner": {
+ "properties": {
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "packets": {
+ "type": "long"
+ },
+ "protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "transport": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "observer": {
+ "dynamic": "false",
+ "properties": {
+ "egress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "listening": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_major": {
+ "type": "byte"
+ }
+ }
+ },
+ "organization": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "package": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "build_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "checksum": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "install_scope": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "installed": {
+ "type": "date"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "size": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "parent": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "process": {
+ "dynamic": "false",
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "parent": {
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "processor": {
+ "properties": {
+ "event": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "profile": {
+ "dynamic": "false",
+ "properties": {
+ "alloc_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "alloc_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "ns": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "type": "long"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inuse_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "inuse_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "samples": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "stack": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ },
+ "top": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "registry": {
+ "properties": {
+ "data": {
+ "properties": {
+ "bytes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "strings": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hive": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "value": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "related": {
+ "properties": {
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hosts": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "user": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "rule": {
+ "properties": {
+ "author": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ruleset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uuid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "server": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "environment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "framework": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "language": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "runtime": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "state": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "source": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "sourcemap": {
+ "dynamic": "false",
+ "properties": {
+ "bundle_filepath": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "service": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "span": {
+ "dynamic": "false",
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "db": {
+ "dynamic": "false",
+ "properties": {
+ "link": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "rows_affected": {
+ "type": "long"
+ }
+ }
+ },
+ "destination": {
+ "dynamic": "false",
+ "properties": {
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resource": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "response_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "start": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "subtype": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sync": {
+ "type": "boolean"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "system": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "actual": {
+ "properties": {
+ "free": {
+ "type": "long"
+ }
+ }
+ },
+ "total": {
+ "type": "long"
+ }
+ }
+ },
+ "process": {
+ "properties": {
+ "cgroup": {
+ "properties": {
+ "memory": {
+ "properties": {
+ "mem": {
+ "properties": {
+ "limit": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "usage": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "rss": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "tags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "threat": {
+ "properties": {
+ "framework": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tactic": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "technique": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "timeseries": {
+ "properties": {
+ "instance": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "timestamp": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "tls": {
+ "properties": {
+ "cipher": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "client": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "server_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "supported_ciphers": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "established": {
+ "type": "boolean"
+ },
+ "next_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resumed": {
+ "type": "boolean"
+ },
+ "server": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3s": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "tracing": {
+ "properties": {
+ "span": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "transaction": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "transaction": {
+ "dynamic": "false",
+ "properties": {
+ "breakdown": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "histogram": {
+ "type": "histogram"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "experience": {
+ "properties": {
+ "cls": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "fid": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "longtask": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "max": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "sum": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ }
+ }
+ },
+ "tbt": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "marks": {
+ "dynamic": "true",
+ "properties": {
+ "*": {
+ "properties": {
+ "*": {
+ "dynamic": "true",
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "result": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "root": {
+ "type": "boolean"
+ },
+ "sampled": {
+ "type": "boolean"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "span_count": {
+ "properties": {
+ "dropped": {
+ "type": "long"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "url": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "fragment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "password": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "port": {
+ "type": "long"
+ },
+ "query": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scheme": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "username": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user_agent": {
+ "dynamic": "false",
+ "properties": {
+ "device": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "view spans": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vulnerability": {
+ "properties": {
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "classification": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "enumeration": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "report_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scanner": {
+ "properties": {
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "score": {
+ "properties": {
+ "base": {
+ "type": "float"
+ },
+ "environmental": {
+ "type": "float"
+ },
+ "temporal": {
+ "type": "float"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "severity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "codec": "best_compression",
+ "lifecycle": {
+ "name": "apm-rollover-30-days",
+ "rollover_alias": "apm-8.0.0-error"
+ },
+ "mapping": {
+ "total_fields": {
+ "limit": "2000"
+ }
+ },
+ "max_docvalue_fields_search": "200",
+ "number_of_replicas": "1",
+ "number_of_shards": "1",
+ "priority": "100",
+ "refresh_interval": "5s"
+ }
+ }
+ }
+}
+
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ "apm-8.0.0-metric": {
+ "is_write_index": true
+ }
+ },
+ "index": "apm-8.0.0-metric-2020.12.03-000001",
+ "mappings": {
+ "_meta": {
+ "beat": "apm",
+ "version": "8.0.0"
+ },
+ "date_detection": false,
+ "dynamic_templates": [
+ {
+ "labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "container.labels.*"
+ }
+ },
+ {
+ "fields": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "fields.*"
+ }
+ },
+ {
+ "docker.container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "docker.container.labels.*"
+ }
+ },
+ {
+ "kubernetes.labels.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.labels.*"
+ }
+ },
+ {
+ "kubernetes.annotations.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.annotations.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "transaction.marks": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "transaction.marks.*"
+ }
+ },
+ {
+ "transaction.marks.*.*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "transaction.marks.*.*"
+ }
+ },
+ {
+ "strings_as_keyword": {
+ "mapping": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "match_mapping_type": "string"
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "agent": {
+ "dynamic": "false",
+ "properties": {
+ "build": {
+ "properties": {
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hostname": {
+ "path": "agent.name",
+ "type": "alias"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "child": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "client": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cloud": {
+ "properties": {
+ "account": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "availability_zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "instance": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "machine": {
+ "dynamic": "false",
+ "properties": {
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "project": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "clr": {
+ "properties": {
+ "gc": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "gen0size": {
+ "type": "float"
+ },
+ "gen1size": {
+ "type": "float"
+ },
+ "gen2size": {
+ "type": "float"
+ },
+ "gen3size": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "container": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tag": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "type": "object"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "runtime": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "destination": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dll": {
+ "properties": {
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dns": {
+ "properties": {
+ "answers": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "data": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ttl": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "header_flags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "op_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "question": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subdomain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "resolved_ip": {
+ "type": "ip"
+ },
+ "response_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "docker": {
+ "properties": {
+ "container": {
+ "properties": {
+ "labels": {
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "ecs": {
+ "properties": {
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "error": {
+ "dynamic": "false",
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "culprit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exception": {
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "handled": {
+ "type": "boolean"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "grouping_key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "param_message": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "stack_trace": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "index": false,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "event": {
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "created": {
+ "type": "date"
+ },
+ "dataset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "duration": {
+ "type": "long"
+ },
+ "end": {
+ "type": "date"
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingested": {
+ "type": "date"
+ },
+ "kind": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "ignore_above": 1024,
+ "index": false,
+ "type": "keyword"
+ },
+ "outcome": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reason": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "risk_score": {
+ "type": "float"
+ },
+ "risk_score_norm": {
+ "type": "float"
+ },
+ "sequence": {
+ "type": "long"
+ },
+ "severity": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "timezone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "url": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "experimental": {
+ "dynamic": "true",
+ "type": "object"
+ },
+ "fields": {
+ "type": "object"
+ },
+ "file": {
+ "properties": {
+ "accessed": {
+ "type": "date"
+ },
+ "attributes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "created": {
+ "type": "date"
+ },
+ "ctime": {
+ "type": "date"
+ },
+ "device": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "directory": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "drive_letter": {
+ "ignore_above": 1,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "gid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "inode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mime_type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mtime": {
+ "type": "date"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "owner": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ },
+ "target_path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "golang": {
+ "properties": {
+ "goroutines": {
+ "type": "long"
+ },
+ "heap": {
+ "properties": {
+ "allocations": {
+ "properties": {
+ "active": {
+ "type": "float"
+ },
+ "allocated": {
+ "type": "float"
+ },
+ "frees": {
+ "type": "float"
+ },
+ "idle": {
+ "type": "float"
+ },
+ "mallocs": {
+ "type": "float"
+ },
+ "objects": {
+ "type": "long"
+ },
+ "total": {
+ "type": "float"
+ }
+ }
+ },
+ "gc": {
+ "properties": {
+ "cpu_fraction": {
+ "type": "float"
+ },
+ "next_gc_limit": {
+ "type": "float"
+ },
+ "total_count": {
+ "type": "long"
+ },
+ "total_pause": {
+ "properties": {
+ "ns": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ },
+ "system": {
+ "properties": {
+ "obtained": {
+ "type": "float"
+ },
+ "released": {
+ "type": "float"
+ },
+ "stack": {
+ "type": "long"
+ },
+ "total": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "host": {
+ "dynamic": "false",
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "containerized": {
+ "type": "boolean"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "build": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "codename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "http": {
+ "dynamic": "false",
+ "properties": {
+ "request": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "method": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "referrer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "response": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "finished": {
+ "type": "boolean"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "status_code": {
+ "type": "long"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "jvm": {
+ "properties": {
+ "gc": {
+ "properties": {
+ "alloc": {
+ "type": "float"
+ },
+ "count": {
+ "type": "long"
+ },
+ "time": {
+ "type": "long"
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "heap": {
+ "properties": {
+ "committed": {
+ "type": "float"
+ },
+ "max": {
+ "type": "float"
+ },
+ "pool": {
+ "properties": {
+ "committed": {
+ "type": "float"
+ },
+ "max": {
+ "type": "float"
+ },
+ "used": {
+ "type": "float"
+ }
+ }
+ },
+ "used": {
+ "type": "float"
+ }
+ }
+ },
+ "non_heap": {
+ "properties": {
+ "committed": {
+ "type": "float"
+ },
+ "max": {
+ "type": "long"
+ },
+ "used": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ },
+ "thread": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "kubernetes": {
+ "dynamic": "false",
+ "properties": {
+ "annotations": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "container": {
+ "properties": {
+ "image": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "deployment": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "namespace": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pod": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "replicaset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "statefulset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "labels": {
+ "dynamic": "true",
+ "properties": {
+ "city": {
+ "type": "keyword"
+ },
+ "country_code": {
+ "type": "keyword"
+ },
+ "env": {
+ "type": "keyword"
+ },
+ "git_rev": {
+ "type": "keyword"
+ },
+ "hostname": {
+ "type": "keyword"
+ },
+ "in_eu": {
+ "type": "boolean"
+ },
+ "ip": {
+ "type": "keyword"
+ },
+ "lang": {
+ "type": "keyword"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "u": {
+ "type": "keyword"
+ }
+ }
+ },
+ "log": {
+ "properties": {
+ "file": {
+ "properties": {
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "origin": {
+ "properties": {
+ "file": {
+ "properties": {
+ "line": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "original": {
+ "ignore_above": 1024,
+ "index": false,
+ "type": "keyword"
+ },
+ "syslog": {
+ "properties": {
+ "facility": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "priority": {
+ "type": "long"
+ },
+ "severity": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "metricset": {
+ "properties": {
+ "period": {
+ "type": "long"
+ }
+ }
+ },
+ "network": {
+ "properties": {
+ "application": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "community_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "direction": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "forwarded_ip": {
+ "type": "ip"
+ },
+ "iana_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inner": {
+ "properties": {
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "packets": {
+ "type": "long"
+ },
+ "protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "transport": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "nodejs": {
+ "properties": {
+ "eventloop": {
+ "properties": {
+ "delay": {
+ "properties": {
+ "avg": {
+ "properties": {
+ "ms": {
+ "type": "float"
+ }
+ }
+ },
+ "ns": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "handles": {
+ "properties": {
+ "active": {
+ "type": "long"
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "arrayBuffers": {
+ "properties": {
+ "bytes": {
+ "type": "float"
+ }
+ }
+ },
+ "external": {
+ "properties": {
+ "bytes": {
+ "type": "float"
+ }
+ }
+ },
+ "heap": {
+ "properties": {
+ "allocated": {
+ "properties": {
+ "bytes": {
+ "type": "float"
+ }
+ }
+ },
+ "used": {
+ "properties": {
+ "bytes": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "requests": {
+ "properties": {
+ "active": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "observer": {
+ "dynamic": "false",
+ "properties": {
+ "egress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "listening": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_major": {
+ "type": "byte"
+ }
+ }
+ },
+ "organization": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "package": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "build_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "checksum": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "install_scope": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "installed": {
+ "type": "date"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "size": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "parent": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "process": {
+ "dynamic": "false",
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "parent": {
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "processor": {
+ "properties": {
+ "event": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "profile": {
+ "dynamic": "false",
+ "properties": {
+ "alloc_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "alloc_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "ns": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "type": "long"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inuse_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "inuse_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "samples": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "stack": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ },
+ "top": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "registry": {
+ "properties": {
+ "data": {
+ "properties": {
+ "bytes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "strings": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hive": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "value": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "related": {
+ "properties": {
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hosts": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "user": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ruby": {
+ "properties": {
+ "gc": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "heap": {
+ "properties": {
+ "allocations": {
+ "properties": {
+ "total": {
+ "type": "float"
+ }
+ }
+ },
+ "slots": {
+ "properties": {
+ "free": {
+ "type": "long"
+ },
+ "live": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "threads": {
+ "type": "long"
+ }
+ }
+ },
+ "rule": {
+ "properties": {
+ "author": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ruleset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uuid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "server": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "environment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "framework": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "language": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "runtime": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "state": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "source": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "sourcemap": {
+ "dynamic": "false",
+ "properties": {
+ "bundle_filepath": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "service": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "span": {
+ "dynamic": "false",
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "db": {
+ "dynamic": "false",
+ "properties": {
+ "link": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "rows_affected": {
+ "type": "long"
+ }
+ }
+ },
+ "destination": {
+ "dynamic": "false",
+ "properties": {
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resource": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "response_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "start": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "subtype": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sync": {
+ "type": "boolean"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "system": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "actual": {
+ "properties": {
+ "free": {
+ "type": "long"
+ }
+ }
+ },
+ "total": {
+ "type": "long"
+ }
+ }
+ },
+ "process": {
+ "properties": {
+ "cgroup": {
+ "properties": {
+ "memory": {
+ "properties": {
+ "mem": {
+ "properties": {
+ "limit": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "usage": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "stats": {
+ "properties": {
+ "inactive_file": {
+ "properties": {
+ "bytes": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "system": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ },
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ },
+ "user": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "type": "float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "rss": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "tags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "threat": {
+ "properties": {
+ "framework": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tactic": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "technique": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "timeseries": {
+ "properties": {
+ "instance": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "timestamp": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "tls": {
+ "properties": {
+ "cipher": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "client": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "server_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "supported_ciphers": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "established": {
+ "type": "boolean"
+ },
+ "next_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resumed": {
+ "type": "boolean"
+ },
+ "server": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3s": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "tracing": {
+ "properties": {
+ "span": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "transaction": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "transaction": {
+ "dynamic": "false",
+ "properties": {
+ "breakdown": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "histogram": {
+ "type": "histogram"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "experience": {
+ "properties": {
+ "cls": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "fid": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "longtask": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "max": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "sum": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ }
+ }
+ },
+ "tbt": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "marks": {
+ "dynamic": "true",
+ "properties": {
+ "*": {
+ "properties": {
+ "*": {
+ "dynamic": "true",
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "result": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "root": {
+ "type": "boolean"
+ },
+ "sampled": {
+ "type": "boolean"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "span_count": {
+ "properties": {
+ "dropped": {
+ "type": "long"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "url": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "fragment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "password": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "port": {
+ "type": "long"
+ },
+ "query": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scheme": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "username": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user_agent": {
+ "dynamic": "false",
+ "properties": {
+ "device": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "view spans": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vulnerability": {
+ "properties": {
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "classification": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "enumeration": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "report_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scanner": {
+ "properties": {
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "score": {
+ "properties": {
+ "base": {
+ "type": "float"
+ },
+ "environmental": {
+ "type": "float"
+ },
+ "temporal": {
+ "type": "float"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "severity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "codec": "best_compression",
+ "lifecycle": {
+ "name": "apm-rollover-30-days",
+ "rollover_alias": "apm-8.0.0-metric"
+ },
+ "mapping": {
+ "total_fields": {
+ "limit": "2000"
+ }
+ },
+ "max_docvalue_fields_search": "200",
+ "number_of_replicas": "1",
+ "number_of_shards": "1",
+ "priority": "100",
+ "refresh_interval": "5s"
+ }
+ }
+ }
+}
+
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ "apm-8.0.0-span": {
+ "is_write_index": true
+ }
+ },
+ "index": "apm-8.0.0-span-2020.12.03-000001",
+ "mappings": {
+ "_meta": {
+ "beat": "apm",
+ "version": "8.0.0"
+ },
+ "date_detection": false,
+ "dynamic_templates": [
+ {
+ "labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "container.labels.*"
+ }
+ },
+ {
+ "fields": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "fields.*"
+ }
+ },
+ {
+ "docker.container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "docker.container.labels.*"
+ }
+ },
+ {
+ "kubernetes.labels.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.labels.*"
+ }
+ },
+ {
+ "kubernetes.annotations.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.annotations.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "transaction.marks": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "transaction.marks.*"
+ }
+ },
+ {
+ "transaction.marks.*.*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "transaction.marks.*.*"
+ }
+ },
+ {
+ "strings_as_keyword": {
+ "mapping": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "match_mapping_type": "string"
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "agent": {
+ "dynamic": "false",
+ "properties": {
+ "build": {
+ "properties": {
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hostname": {
+ "path": "agent.name",
+ "type": "alias"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "child": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "client": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cloud": {
+ "properties": {
+ "account": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "availability_zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "instance": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "machine": {
+ "dynamic": "false",
+ "properties": {
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "project": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "container": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tag": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "type": "object"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "runtime": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "destination": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dll": {
+ "properties": {
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dns": {
+ "properties": {
+ "answers": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "data": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ttl": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "header_flags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "op_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "question": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subdomain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "resolved_ip": {
+ "type": "ip"
+ },
+ "response_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "docker": {
+ "properties": {
+ "container": {
+ "properties": {
+ "labels": {
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "ecs": {
+ "properties": {
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "error": {
+ "dynamic": "false",
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "culprit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exception": {
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "handled": {
+ "type": "boolean"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "grouping_key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "param_message": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "stack_trace": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "index": false,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "event": {
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "created": {
+ "type": "date"
+ },
+ "dataset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "duration": {
+ "type": "long"
+ },
+ "end": {
+ "type": "date"
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingested": {
+ "type": "date"
+ },
+ "kind": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "ignore_above": 1024,
+ "index": false,
+ "type": "keyword"
+ },
+ "outcome": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reason": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "risk_score": {
+ "type": "float"
+ },
+ "risk_score_norm": {
+ "type": "float"
+ },
+ "sequence": {
+ "type": "long"
+ },
+ "severity": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "timezone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "url": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "experimental": {
+ "dynamic": "true",
+ "type": "object"
+ },
+ "fields": {
+ "type": "object"
+ },
+ "file": {
+ "properties": {
+ "accessed": {
+ "type": "date"
+ },
+ "attributes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "created": {
+ "type": "date"
+ },
+ "ctime": {
+ "type": "date"
+ },
+ "device": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "directory": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "drive_letter": {
+ "ignore_above": 1,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "gid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "inode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mime_type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mtime": {
+ "type": "date"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "owner": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ },
+ "target_path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "host": {
+ "dynamic": "false",
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "containerized": {
+ "type": "boolean"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "build": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "codename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "http": {
+ "dynamic": "false",
+ "properties": {
+ "request": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "method": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "referrer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "response": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "finished": {
+ "type": "boolean"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "status_code": {
+ "type": "long"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "kubernetes": {
+ "dynamic": "false",
+ "properties": {
+ "annotations": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "container": {
+ "properties": {
+ "image": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "deployment": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "namespace": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pod": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "replicaset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "statefulset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "labels": {
+ "dynamic": "true",
+ "properties": {
+ "city": {
+ "type": "keyword"
+ },
+ "country_code": {
+ "type": "keyword"
+ },
+ "foo": {
+ "type": "keyword"
+ },
+ "git_rev": {
+ "type": "keyword"
+ },
+ "in_eu": {
+ "type": "boolean"
+ },
+ "ip": {
+ "type": "keyword"
+ },
+ "lang": {
+ "type": "keyword"
+ },
+ "productId": {
+ "type": "keyword"
+ },
+ "u": {
+ "type": "keyword"
+ }
+ }
+ },
+ "log": {
+ "properties": {
+ "file": {
+ "properties": {
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "origin": {
+ "properties": {
+ "file": {
+ "properties": {
+ "line": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "original": {
+ "ignore_above": 1024,
+ "index": false,
+ "type": "keyword"
+ },
+ "syslog": {
+ "properties": {
+ "facility": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "priority": {
+ "type": "long"
+ },
+ "severity": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "metricset": {
+ "properties": {
+ "period": {
+ "type": "long"
+ }
+ }
+ },
+ "network": {
+ "properties": {
+ "application": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "community_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "direction": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "forwarded_ip": {
+ "type": "ip"
+ },
+ "iana_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inner": {
+ "properties": {
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "packets": {
+ "type": "long"
+ },
+ "protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "transport": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "observer": {
+ "dynamic": "false",
+ "properties": {
+ "egress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "listening": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_major": {
+ "type": "byte"
+ }
+ }
+ },
+ "organization": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "package": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "build_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "checksum": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "install_scope": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "installed": {
+ "type": "date"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "size": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "parent": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "process": {
+ "dynamic": "false",
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "parent": {
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "processor": {
+ "properties": {
+ "event": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "profile": {
+ "dynamic": "false",
+ "properties": {
+ "alloc_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "alloc_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "ns": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "type": "long"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inuse_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "inuse_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "samples": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "stack": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ },
+ "top": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "registry": {
+ "properties": {
+ "data": {
+ "properties": {
+ "bytes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "strings": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hive": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "value": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "related": {
+ "properties": {
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hosts": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "user": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "rule": {
+ "properties": {
+ "author": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ruleset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uuid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "server": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "environment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "framework": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "language": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "runtime": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "state": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "source": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "sourcemap": {
+ "dynamic": "false",
+ "properties": {
+ "bundle_filepath": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "service": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "span": {
+ "dynamic": "false",
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "db": {
+ "dynamic": "false",
+ "properties": {
+ "link": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "rows_affected": {
+ "type": "long"
+ }
+ }
+ },
+ "destination": {
+ "dynamic": "false",
+ "properties": {
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resource": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "response_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "start": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "subtype": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sync": {
+ "type": "boolean"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "system": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "actual": {
+ "properties": {
+ "free": {
+ "type": "long"
+ }
+ }
+ },
+ "total": {
+ "type": "long"
+ }
+ }
+ },
+ "process": {
+ "properties": {
+ "cgroup": {
+ "properties": {
+ "memory": {
+ "properties": {
+ "mem": {
+ "properties": {
+ "limit": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "usage": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "rss": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "tags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "threat": {
+ "properties": {
+ "framework": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tactic": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "technique": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "timeseries": {
+ "properties": {
+ "instance": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "timestamp": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "tls": {
+ "properties": {
+ "cipher": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "client": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "server_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "supported_ciphers": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "established": {
+ "type": "boolean"
+ },
+ "next_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resumed": {
+ "type": "boolean"
+ },
+ "server": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3s": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "tracing": {
+ "properties": {
+ "span": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "transaction": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "transaction": {
+ "dynamic": "false",
+ "properties": {
+ "breakdown": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "histogram": {
+ "type": "histogram"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "experience": {
+ "properties": {
+ "cls": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "fid": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "longtask": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "max": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "sum": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ }
+ }
+ },
+ "tbt": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "marks": {
+ "dynamic": "true",
+ "properties": {
+ "*": {
+ "properties": {
+ "*": {
+ "dynamic": "true",
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "result": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "root": {
+ "type": "boolean"
+ },
+ "sampled": {
+ "type": "boolean"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "span_count": {
+ "properties": {
+ "dropped": {
+ "type": "long"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "url": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "fragment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "password": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "port": {
+ "type": "long"
+ },
+ "query": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scheme": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "username": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user_agent": {
+ "dynamic": "false",
+ "properties": {
+ "device": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "view spans": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vulnerability": {
+ "properties": {
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "classification": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "enumeration": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "report_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scanner": {
+ "properties": {
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "score": {
+ "properties": {
+ "base": {
+ "type": "float"
+ },
+ "environmental": {
+ "type": "float"
+ },
+ "temporal": {
+ "type": "float"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "severity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "codec": "best_compression",
+ "lifecycle": {
+ "name": "apm-rollover-30-days",
+ "rollover_alias": "apm-8.0.0-span"
+ },
+ "mapping": {
+ "total_fields": {
+ "limit": "2000"
+ }
+ },
+ "max_docvalue_fields_search": "200",
+ "number_of_replicas": "1",
+ "number_of_shards": "1",
+ "priority": "100",
+ "refresh_interval": "5s"
+ }
+ }
+ }
+}
+
+{
+ "type": "index",
+ "value": {
+ "aliases": {
+ "apm-8.0.0-transaction": {
+ "is_write_index": true
+ }
+ },
+ "index": "apm-8.0.0-transaction-2020.12.03-000001",
+ "mappings": {
+ "_meta": {
+ "beat": "apm",
+ "version": "8.0.0"
+ },
+ "date_detection": false,
+ "dynamic_templates": [
+ {
+ "labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "container.labels.*"
+ }
+ },
+ {
+ "fields": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "fields.*"
+ }
+ },
+ {
+ "docker.container.labels": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "docker.container.labels.*"
+ }
+ },
+ {
+ "kubernetes.labels.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.labels.*"
+ }
+ },
+ {
+ "kubernetes.annotations.*": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "kubernetes.annotations.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_string": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_boolean": {
+ "mapping": {
+ "type": "boolean"
+ },
+ "match_mapping_type": "boolean",
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "labels_*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "labels.*"
+ }
+ },
+ {
+ "transaction.marks": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "match_mapping_type": "string",
+ "path_match": "transaction.marks.*"
+ }
+ },
+ {
+ "transaction.marks.*.*": {
+ "mapping": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "path_match": "transaction.marks.*.*"
+ }
+ },
+ {
+ "strings_as_keyword": {
+ "mapping": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "match_mapping_type": "string"
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "agent": {
+ "dynamic": "false",
+ "properties": {
+ "build": {
+ "properties": {
+ "original": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hostname": {
+ "path": "agent.name",
+ "type": "alias"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "child": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "client": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "cloud": {
+ "properties": {
+ "account": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "availability_zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "instance": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "machine": {
+ "dynamic": "false",
+ "properties": {
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "project": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "container": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "image": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tag": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "type": "object"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "runtime": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "destination": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dll": {
+ "properties": {
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "dns": {
+ "properties": {
+ "answers": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "data": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ttl": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "header_flags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "op_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "question": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subdomain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "resolved_ip": {
+ "type": "ip"
+ },
+ "response_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "docker": {
+ "properties": {
+ "container": {
+ "properties": {
+ "labels": {
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "ecs": {
+ "properties": {
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "error": {
+ "dynamic": "false",
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "culprit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exception": {
+ "properties": {
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "handled": {
+ "type": "boolean"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "grouping_key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "log": {
+ "properties": {
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "param_message": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "stack_trace": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "index": false,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "event": {
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "created": {
+ "type": "date"
+ },
+ "dataset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "duration": {
+ "type": "long"
+ },
+ "end": {
+ "type": "date"
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingested": {
+ "type": "date"
+ },
+ "kind": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "module": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "ignore_above": 1024,
+ "index": false,
+ "type": "keyword"
+ },
+ "outcome": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "provider": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reason": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "risk_score": {
+ "type": "float"
+ },
+ "risk_score_norm": {
+ "type": "float"
+ },
+ "sequence": {
+ "type": "long"
+ },
+ "severity": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "timezone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "url": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "experimental": {
+ "dynamic": "true",
+ "type": "object"
+ },
+ "fields": {
+ "type": "object"
+ },
+ "file": {
+ "properties": {
+ "accessed": {
+ "type": "date"
+ },
+ "attributes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "created": {
+ "type": "date"
+ },
+ "ctime": {
+ "type": "date"
+ },
+ "device": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "directory": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "drive_letter": {
+ "ignore_above": 1,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "gid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "inode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mime_type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mtime": {
+ "type": "date"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "owner": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ },
+ "target_path": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "host": {
+ "dynamic": "false",
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "containerized": {
+ "type": "boolean"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "build": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "codename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "http": {
+ "dynamic": "false",
+ "properties": {
+ "request": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "method": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "referrer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "response": {
+ "properties": {
+ "body": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ },
+ "content": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "finished": {
+ "type": "boolean"
+ },
+ "headers": {
+ "enabled": false,
+ "type": "object"
+ },
+ "status_code": {
+ "type": "long"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "kubernetes": {
+ "dynamic": "false",
+ "properties": {
+ "annotations": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "container": {
+ "properties": {
+ "image": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "deployment": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "labels": {
+ "properties": {
+ "*": {
+ "type": "object"
+ }
+ }
+ },
+ "namespace": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pod": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "replicaset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "statefulset": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "labels": {
+ "dynamic": "true",
+ "properties": {
+ "city": {
+ "type": "keyword"
+ },
+ "company": {
+ "type": "keyword"
+ },
+ "country_code": {
+ "type": "keyword"
+ },
+ "customer_email": {
+ "type": "keyword"
+ },
+ "customer_name": {
+ "type": "keyword"
+ },
+ "customer_tier": {
+ "type": "keyword"
+ },
+ "foo": {
+ "type": "keyword"
+ },
+ "git_rev": {
+ "type": "keyword"
+ },
+ "in_eu": {
+ "type": "boolean"
+ },
+ "ip": {
+ "type": "keyword"
+ },
+ "lang": {
+ "type": "keyword"
+ },
+ "lorem": {
+ "type": "keyword"
+ },
+ "multi-line": {
+ "type": "keyword"
+ },
+ "request_id": {
+ "type": "keyword"
+ },
+ "served_from_cache": {
+ "type": "keyword"
+ },
+ "this-is-a-very-long-tag-name-without-any-spaces": {
+ "type": "keyword"
+ },
+ "u": {
+ "type": "keyword"
+ }
+ }
+ },
+ "log": {
+ "properties": {
+ "file": {
+ "properties": {
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "level": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "logger": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "origin": {
+ "properties": {
+ "file": {
+ "properties": {
+ "line": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "original": {
+ "ignore_above": 1024,
+ "index": false,
+ "type": "keyword"
+ },
+ "syslog": {
+ "properties": {
+ "facility": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "priority": {
+ "type": "long"
+ },
+ "severity": {
+ "properties": {
+ "code": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "norms": false,
+ "type": "text"
+ },
+ "metricset": {
+ "properties": {
+ "period": {
+ "type": "long"
+ }
+ }
+ },
+ "network": {
+ "properties": {
+ "application": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "community_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "direction": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "forwarded_ip": {
+ "type": "ip"
+ },
+ "iana_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inner": {
+ "properties": {
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "packets": {
+ "type": "long"
+ },
+ "protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "transport": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "observer": {
+ "dynamic": "false",
+ "properties": {
+ "egress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hostname": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ingress": {
+ "properties": {
+ "interface": {
+ "properties": {
+ "alias": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "zone": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "listening": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_major": {
+ "type": "byte"
+ }
+ }
+ },
+ "organization": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "package": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "build_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "checksum": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "install_scope": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "installed": {
+ "type": "date"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "size": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "parent": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "process": {
+ "dynamic": "false",
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "parent": {
+ "properties": {
+ "args": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "args_count": {
+ "type": "long"
+ },
+ "code_signature": {
+ "properties": {
+ "exists": {
+ "type": "boolean"
+ },
+ "status": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "trusted": {
+ "type": "boolean"
+ },
+ "valid": {
+ "type": "boolean"
+ }
+ }
+ },
+ "command_line": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "entity_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "executable": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "exit_code": {
+ "type": "long"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha512": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pe": {
+ "properties": {
+ "architecture": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "company": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "file_version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "imphash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original_file_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "product": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "pgid": {
+ "type": "long"
+ },
+ "pid": {
+ "type": "long"
+ },
+ "ppid": {
+ "type": "long"
+ },
+ "start": {
+ "type": "date"
+ },
+ "thread": {
+ "properties": {
+ "id": {
+ "type": "long"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "title": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uptime": {
+ "type": "long"
+ },
+ "working_directory": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "processor": {
+ "properties": {
+ "event": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "profile": {
+ "dynamic": "false",
+ "properties": {
+ "alloc_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "alloc_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "ns": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "type": "long"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "inuse_objects": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "inuse_space": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "samples": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "stack": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ },
+ "top": {
+ "dynamic": "false",
+ "properties": {
+ "filename": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "function": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "line": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "registry": {
+ "properties": {
+ "data": {
+ "properties": {
+ "bytes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "strings": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hive": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "value": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "related": {
+ "properties": {
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hosts": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "user": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "rule": {
+ "properties": {
+ "author": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "license": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ruleset": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uuid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "server": {
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "environment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ephemeral_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "framework": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "language": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "node": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "runtime": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "state": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "source": {
+ "dynamic": "false",
+ "properties": {
+ "address": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "as": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "organization": {
+ "properties": {
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "bytes": {
+ "type": "long"
+ },
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "geo": {
+ "properties": {
+ "city_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "continent_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_iso_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "region_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "ip": {
+ "type": "ip"
+ },
+ "mac": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "nat": {
+ "properties": {
+ "ip": {
+ "type": "ip"
+ },
+ "port": {
+ "type": "long"
+ }
+ }
+ },
+ "packets": {
+ "type": "long"
+ },
+ "port": {
+ "type": "long"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "user": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "sourcemap": {
+ "dynamic": "false",
+ "properties": {
+ "bundle_filepath": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "service": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "span": {
+ "dynamic": "false",
+ "properties": {
+ "action": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "db": {
+ "dynamic": "false",
+ "properties": {
+ "link": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "rows_affected": {
+ "type": "long"
+ }
+ }
+ },
+ "destination": {
+ "dynamic": "false",
+ "properties": {
+ "service": {
+ "dynamic": "false",
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resource": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "response_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "start": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "subtype": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sync": {
+ "type": "boolean"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "system": {
+ "properties": {
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "actual": {
+ "properties": {
+ "free": {
+ "type": "long"
+ }
+ }
+ },
+ "total": {
+ "type": "long"
+ }
+ }
+ },
+ "process": {
+ "properties": {
+ "cgroup": {
+ "properties": {
+ "memory": {
+ "properties": {
+ "mem": {
+ "properties": {
+ "limit": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "usage": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "cpu": {
+ "properties": {
+ "total": {
+ "properties": {
+ "norm": {
+ "properties": {
+ "pct": {
+ "scaling_factor": 1000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "memory": {
+ "properties": {
+ "rss": {
+ "properties": {
+ "bytes": {
+ "type": "long"
+ }
+ }
+ },
+ "size": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "tags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "threat": {
+ "properties": {
+ "framework": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "tactic": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "technique": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "timeseries": {
+ "properties": {
+ "instance": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "timestamp": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "tls": {
+ "properties": {
+ "cipher": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "client": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "server_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "supported_ciphers": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "established": {
+ "type": "boolean"
+ },
+ "next_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "resumed": {
+ "type": "boolean"
+ },
+ "server": {
+ "properties": {
+ "certificate": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "certificate_chain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "issuer": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ja3s": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "subject": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version_protocol": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "dynamic": "false",
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "tracing": {
+ "properties": {
+ "span": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "trace": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "transaction": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "transaction": {
+ "dynamic": "false",
+ "properties": {
+ "breakdown": {
+ "properties": {
+ "count": {
+ "type": "long"
+ }
+ }
+ },
+ "duration": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "histogram": {
+ "type": "histogram"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "us": {
+ "type": "long"
+ }
+ }
+ },
+ "experience": {
+ "properties": {
+ "cls": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "fid": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "longtask": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "max": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "sum": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ }
+ }
+ },
+ "tbt": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ }
+ }
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "marks": {
+ "dynamic": "true",
+ "properties": {
+ "*": {
+ "properties": {
+ "*": {
+ "dynamic": "true",
+ "type": "object"
+ }
+ }
+ },
+ "agent": {
+ "properties": {
+ "domComplete": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domInteractive": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "firstContentfulPaint": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "largestContentfulPaint": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "timeToFirstByte": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ }
+ }
+ },
+ "navigationTiming": {
+ "properties": {
+ "connectEnd": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "connectStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domComplete": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domContentLoadedEventEnd": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domContentLoadedEventStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domInteractive": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domLoading": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domainLookupEnd": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "domainLookupStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "fetchStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "loadEventEnd": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "loadEventStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "requestStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "responseEnd": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ },
+ "responseStart": {
+ "scaling_factor": 1000000,
+ "type": "scaled_float"
+ }
+ }
+ }
+ }
+ },
+ "message": {
+ "dynamic": "false",
+ "properties": {
+ "age": {
+ "properties": {
+ "ms": {
+ "type": "long"
+ }
+ }
+ },
+ "queue": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "result": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "root": {
+ "type": "boolean"
+ },
+ "sampled": {
+ "type": "boolean"
+ },
+ "self_time": {
+ "properties": {
+ "count": {
+ "type": "long"
+ },
+ "sum": {
+ "properties": {
+ "us": {
+ "type": "long"
+ }
+ }
+ }
+ }
+ },
+ "span_count": {
+ "properties": {
+ "dropped": {
+ "type": "long"
+ }
+ }
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "url": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "extension": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "fragment": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "password": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "port": {
+ "type": "long"
+ },
+ "query": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scheme": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "username": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user": {
+ "dynamic": "false",
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "email": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full_name": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "hash": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "roles": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "user_agent": {
+ "dynamic": "false",
+ "properties": {
+ "device": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "original": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "os": {
+ "properties": {
+ "family": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "kernel": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "platform": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "view spans": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "vlan": {
+ "properties": {
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "vulnerability": {
+ "properties": {
+ "category": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "classification": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "description": {
+ "fields": {
+ "text": {
+ "norms": false,
+ "type": "text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "enumeration": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "reference": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "report_id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "scanner": {
+ "properties": {
+ "vendor": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "score": {
+ "properties": {
+ "base": {
+ "type": "float"
+ },
+ "environmental": {
+ "type": "float"
+ },
+ "temporal": {
+ "type": "float"
+ },
+ "version": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "severity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "x509": {
+ "properties": {
+ "alternative_names": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "issuer": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "not_after": {
+ "type": "date"
+ },
+ "not_before": {
+ "type": "date"
+ },
+ "public_key_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_curve": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "public_key_exponent": {
+ "index": false,
+ "type": "long"
+ },
+ "public_key_size": {
+ "type": "long"
+ },
+ "serial_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "signature_algorithm": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subject": {
+ "properties": {
+ "common_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "country": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "distinguished_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "locality": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organization": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "organizational_unit": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "state_or_province": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "version_number": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "codec": "best_compression",
+ "lifecycle": {
+ "name": "apm-rollover-30-days",
+ "rollover_alias": "apm-8.0.0-transaction"
+ },
+ "mapping": {
+ "total_fields": {
+ "limit": "2000"
+ }
+ },
+ "max_docvalue_fields_search": "200",
+ "number_of_replicas": "1",
+ "number_of_shards": "1",
+ "priority": "100",
+ "refresh_interval": "5s"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/fixtures/es_archiver/archives_metadata.ts b/x-pack/plugins/apm/ftr_e2e/cypress/fixtures/es_archiver/archives_metadata.ts
new file mode 100644
index 000000000000..75a71d8fe81b
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/cypress/fixtures/es_archiver/archives_metadata.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+/* eslint-disable import/no-default-export*/
+export default {
+ 'apm_8.0.0': {
+ start: '2020-12-08T13:57:56.135Z',
+ end: '2020-12-08T14:27:56.135Z',
+ },
+};
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/home.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/home.spec.ts
new file mode 100644
index 000000000000..2d92d003fef7
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/home.spec.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+describe('Home page', () => {
+ it('Redirects to service page with rangeFrom and rangeTo added to the URL', () => {
+ const endDate = new Date(Cypress.env('END_DATE'));
+ cy.clock(endDate);
+
+ cy.visit('/app/apm');
+
+ cy.url().should(
+ 'include',
+ 'app/apm/services?rangeFrom=now-15m&rangeTo=now'
+ );
+ cy.get('.euiTabs .euiTab-isSelected').contains('Services');
+ });
+});
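Review bot: `new Date(Cypress.env('END_DATE'))` in the `it` block becomes an Invalid Date whenever the spec is started without the `END_DATE` env value, for example when Cypress is launched directly instead of through `cypress_start.ts`. The clock would then be set from an invalid value and the failure would surface later as a confusing URL mismatch. A guard before `cy.clock` makes the precondition explicit, e.g. `expect(Cypress.env('END_DATE'), 'END_DATE env').to.be.a('string');`. The `.euiTabs .euiTab-isSelected` selector also ties the test to EUI class names; a `data-test-subj` hook would be more stable if one exists.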
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/plugins/index.js b/x-pack/plugins/apm/ftr_e2e/cypress/plugins/index.js
new file mode 100644
index 000000000000..5b08694f4ef4
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/cypress/plugins/index.js
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+///
+// ***********************************************************
+// This example plugins/index.js can be used to load plugins
+//
+// You can change the location of this file or turn off loading
+// the plugins file with the 'pluginsFile' configuration option.
+//
+// You can read more here:
+// https://on.cypress.io/plugins-guide
+// ***********************************************************
+
+// This function is called when a project is opened or re-opened (e.g. due to
+// the project's config changing)
+
+/**
+ * @type {Cypress.PluginConfig}
+ */
+module.exports = () => {
+ // `on` is used to hook into various events Cypress emits
+ // `config` is the resolved Cypress config
+};
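Review bot: The exported function is declared as `() => {` while the two comments inside it still describe `on` and `config`, which are no longer parameters. Either restore the signature, `module.exports = (on, config) => {`, or drop the template comments so the file does not document arguments it does not receive. The header block above is the unmodified Cypress example text and could be reduced to a one-line description of what this project's plugins file is for.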
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/support/commands.js b/x-pack/plugins/apm/ftr_e2e/cypress/support/commands.js
new file mode 100644
index 000000000000..37cfbc685ce7
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/cypress/support/commands.js
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+// ***********************************************
+// This example commands.js shows you how to
+// create various custom commands and overwrite
+// existing commands.
+//
+// For more comprehensive examples of custom
+// commands please read more here:
+// https://on.cypress.io/custom-commands
+// ***********************************************
+//
+//
+// -- This is a parent command --
+// Cypress.Commands.add("login", (email, password) => { ... })
+//
+//
+// -- This is a child command --
+// Cypress.Commands.add("drag", { prevSubject: 'element'}, (subject, options) => { ... })
+//
+//
+// -- This is a dual command --
+// Cypress.Commands.add("dismiss", { prevSubject: 'optional'}, (subject, options) => { ... })
+//
+//
+// -- This will overwrite an existing command --
+// Cypress.Commands.overwrite("visit", (originalFn, url, options) => { ... })
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/support/index.js b/x-pack/plugins/apm/ftr_e2e/cypress/support/index.js
new file mode 100644
index 000000000000..b20865149d02
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/cypress/support/index.js
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+// ***********************************************************
+// This example support/index.js is processed and
+// loaded automatically before your test files.
+//
+// This is a great place to put global configuration and
+// behavior that modifies Cypress.
+//
+// You can change the location of this file or turn off
+// automatically serving support files with the
+// 'supportFile' configuration option.
+//
+// You can read more here:
+// https://on.cypress.io/configuration
+// ***********************************************************
+
+// Import commands.js using ES2015 syntax:
+import './commands';
+
+// Alternatively you can use CommonJS syntax:
+// require('./commands')
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress_open.ts b/x-pack/plugins/apm/ftr_e2e/cypress_open.ts
new file mode 100644
index 000000000000..3cca5126c484
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/cypress_open.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test/types/ftr';
+import { cypressOpenTests } from './cypress_start';
+
+async function openE2ETests({ readConfigFile }: FtrConfigProviderContext) {
+ const cypressConfig = await readConfigFile(require.resolve('./config.ts'));
+ return {
+ ...cypressConfig.getAll(),
+ testRunner: cypressOpenTests,
+ };
+}
+
+// eslint-disable-next-line import/no-default-export
+export default openE2ETests;
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress_run.ts b/x-pack/plugins/apm/ftr_e2e/cypress_run.ts
new file mode 100644
index 000000000000..10b23ecad18e
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/cypress_run.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test/types/ftr';
+import { cypressRunTests } from './cypress_start';
+
+async function runE2ETests({ readConfigFile }: FtrConfigProviderContext) {
+ const cypressConfig = await readConfigFile(require.resolve('./config.ts'));
+ return {
+ ...cypressConfig.getAll(),
+ testRunner: cypressRunTests,
+ };
+}
+
+// eslint-disable-next-line import/no-default-export
+export default runE2ETests;
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress_start.ts b/x-pack/plugins/apm/ftr_e2e/cypress_start.ts
new file mode 100644
index 000000000000..1e46644e1caf
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/cypress_start.ts
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import Url from 'url';
+import cypress from 'cypress';
+import { FtrProviderContext } from './ftr_provider_context';
+import archives_metadata from './cypress/fixtures/es_archiver/archives_metadata';
+
+export async function cypressRunTests({ getService }: FtrProviderContext) {
+ await cypressStart(getService, cypress.run);
+}
+
+export async function cypressOpenTests({ getService }: FtrProviderContext) {
+ await cypressStart(getService, cypress.open);
+}
+
+async function cypressStart(
+ getService: FtrProviderContext['getService'],
+ cypressExecution: typeof cypress.run | typeof cypress.open
+) {
+ const config = getService('config');
+ const esArchiver = getService('esArchiver');
+
+ const archiveName = 'apm_8.0.0';
+ // Load apm data on ES
+ await esArchiver.load(archiveName);
+ const { start, end } = archives_metadata[archiveName];
+
+ await cypressExecution({
+ config: { baseUrl: Url.format(config.get('servers.kibana')) },
+ env: {
+ START_DATE: start,
+ END_DATE: end,
+ },
+ });
+}
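Review bot: The result of `await cypressExecution({...})` in `cypressStart` is discarded, so failing specs may not fail the FTR run: as far as I know `cypress.run` resolves with a result object carrying a failure count rather than rejecting when tests fail. Capture and check it, e.g. `const res = await cypressExecution({ ... });` followed by `if (res && 'totalFailed' in res && res.totalFailed > 0) throw new Error('APM Cypress tests failed');`. The `apm_8.0.0` archive loaded with `esArchiver.load` is also never unloaded; calling `esArchiver.unload(archiveName)` in a `finally` would keep repeated runs against the same cluster from piling up data.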
diff --git a/x-pack/plugins/apm/ftr_e2e/ftr_provider_context.d.ts b/x-pack/plugins/apm/ftr_e2e/ftr_provider_context.d.ts
new file mode 100644
index 000000000000..e3add3748f56
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/ftr_provider_context.d.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { GenericFtrProviderContext } from '@kbn/test/types/ftr';
+
+import { services } from './services';
+
+export type FtrProviderContext = GenericFtrProviderContext;
diff --git a/x-pack/plugins/apm/ftr_e2e/services.ts b/x-pack/plugins/apm/ftr_e2e/services.ts
new file mode 100644
index 000000000000..d8d69587be86
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/services.ts
@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export * from '../../../test/common/services';
diff --git a/x-pack/plugins/apm/ftr_e2e/tsconfig.json b/x-pack/plugins/apm/ftr_e2e/tsconfig.json
new file mode 100644
index 000000000000..168801f78260
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/tsconfig.json
@@ -0,0 +1,15 @@
+{
+ "extends": "../../../../tsconfig.base.json",
+ "exclude": [
+ "tmp"
+ ],
+ "include": [
+ "./**/*"
+ ],
+ "compilerOptions": {
+ "types": [
+ "cypress",
+ "node"
+ ]
+ }
+}
\ No newline at end of file
diff --git a/x-pack/plugins/apm/scripts/create-functional-tests-archive/index.ts b/x-pack/plugins/apm/scripts/create-functional-tests-archive/index.ts
index 1bd3d8f2dffd..3fd8e5516c2e 100644
--- a/x-pack/plugins/apm/scripts/create-functional-tests-archive/index.ts
+++ b/x-pack/plugins/apm/scripts/create-functional-tests-archive/index.ts
@@ -121,8 +121,6 @@ async function run() {
};
const root = path.join(__dirname, '../../../../..');
- const commonDir = path.join(root, 'x-pack/test/apm_api_integration/common');
- const archivesDir = path.join(commonDir, 'fixtures/es_archiver');
const options = parseIndexUrl(esUrl);
@@ -154,14 +152,14 @@ async function run() {
) ?? [];
// create the archive
-
+ const tmpDir = path.join(__dirname, 'tmp/');
execSync(
`node scripts/es_archiver save ${archiveName} ${indicesWithDocs
.filter((index) => !index.startsWith('.kibana'))
.concat('.kibana')
.join(
','
- )} --dir=${archivesDir} --kibana-url=${kibanaUrl} --es-url=${esUrl} --query='${JSON.stringify(
+ )} --dir=${tmpDir} --kibana-url=${kibanaUrl} --es-url=${esUrl} --query='${JSON.stringify(
query
)}'`,
{
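Review bot: The `es_archiver save` command is still assembled as a single shell string, so `archiveName`, `kibanaUrl`, `esUrl`, the JSON query inside single quotes and the new `tmpDir` are all interpreted by the shell; a value containing a space, a quote or `;` changes what is executed. The same pattern is introduced in the last hunk of this file with `cp -r ${tmpDir} ...` and `rm -rf ${tmpDir}`, where a checkout path containing whitespace would make `rm -rf` act on the wrong target. Passing arguments as an array avoids the shell, e.g. `execFileSync('cp', ['-r', tmpDir, e2eDir])` and `execFileSync('rm', ['-rf', tmpDir])` (this needs `execFileSync` imported from `child_process`). Where `esUrl` and `kibanaUrl` come from is outside the hunk, so the exposure depends on how the script is invoked.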
@@ -173,7 +171,7 @@ async function run() {
const currentConfig = {};
// get the current metadata and extend/override metadata for the new archive
- const configFilePath = path.join(commonDir, 'archives_metadata.ts');
+ const configFilePath = path.join(tmpDir, 'archives_metadata.ts');
try {
Object.assign(currentConfig, (await import(configFilePath)).default);
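Review bot: `configFilePath` now points into `tmpDir`, which this run populates and the last hunk deletes, so the `import(configFilePath)` below will presumably never find an existing `archives_metadata.ts` and `currentConfig` stays empty. The generated file would then contain only the new archive's entry and, once copied over the fixture folders, drop the metadata of archives recorded earlier, which contradicts the "extend/override" comment. Consider reading the existing file from its destination (the `apiIntegrationDir` defined in the last hunk would have to be computed earlier) and writing only the merged result into `tmpDir`. The `try` block continues outside the hunk, so the handling of a missing file is not visible here.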
@@ -191,16 +189,35 @@ async function run() {
fs.writeFileSync(
configFilePath,
- `export default ${JSON.stringify(newConfig, null, 2)}`,
+ `
+ /* eslint-disable import/no-default-export*/
+ export default ${JSON.stringify(newConfig, null, 2)}`,
{ encoding: 'utf-8' }
);
// run ESLint on the generated metadata files
-
execSync('node scripts/eslint **/*/archives_metadata.ts --fix', {
cwd: root,
stdio: 'inherit',
});
+
+ const esArchiverDir = 'fixtures/es_archiver/';
+
+ const apiIntegrationDir = path.join(
+ root,
+ 'x-pack/test/apm_api_integration/common',
+ esArchiverDir
+ );
+ const e2eDir = path.join(__dirname, '../../ftr_e2e/cypress', esArchiverDir);
+
+ // Copy generated files to e2e test folder
+ execSync(`cp -r ${tmpDir} ${e2eDir}`);
+
+ // Copy generated files to API integration test folder
+ execSync(`cp -r ${tmpDir} ${apiIntegrationDir}`);
+
+ // Delete tmp folder
+ execSync(`rm -rf ${tmpDir}`);
}
run()
diff --git a/x-pack/plugins/apm/scripts/ftr_e2e/cypress_open.js b/x-pack/plugins/apm/scripts/ftr_e2e/cypress_open.js
new file mode 100644
index 000000000000..7b3987799655
--- /dev/null
+++ b/x-pack/plugins/apm/scripts/ftr_e2e/cypress_open.js
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+const childProcess = require('child_process');
+const path = require('path');
+
+const e2eDir = path.join(__dirname, '../../ftr_e2e');
+
+childProcess.execSync(
+ `node ../../../../scripts/functional_tests --config ./cypress_open.ts`,
+ { cwd: e2eDir, stdio: 'inherit' }
+);
diff --git a/x-pack/plugins/apm/scripts/ftr_e2e/cypress_run.js b/x-pack/plugins/apm/scripts/ftr_e2e/cypress_run.js
new file mode 100644
index 000000000000..6411430beac8
--- /dev/null
+++ b/x-pack/plugins/apm/scripts/ftr_e2e/cypress_run.js
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+const childProcess = require('child_process');
+const path = require('path');
+
+const e2eDir = path.join(__dirname, '../../ftr_e2e');
+
+childProcess.execSync(
+ `node ../../../../scripts/functional_tests --config ./cypress_run.ts`,
+ { cwd: e2eDir, stdio: 'inherit' }
+);
diff --git a/x-pack/test/apm_api_integration/basic/tests/alerts/chart_preview.ts b/x-pack/test/apm_api_integration/basic/tests/alerts/chart_preview.ts
index 3119de47a863..46c0dbeb8940 100644
--- a/x-pack/test/apm_api_integration/basic/tests/alerts/chart_preview.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/alerts/chart_preview.ts
@@ -6,7 +6,7 @@
import expect from '@kbn/expect';
import { format } from 'url';
-import archives from '../../../common/archives_metadata';
+import archives from '../../../common/fixtures/es_archiver/archives_metadata';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
export default function ApiTest({ getService }: FtrProviderContext) {
diff --git a/x-pack/test/apm_api_integration/basic/tests/observability_overview/observability_overview.ts b/x-pack/test/apm_api_integration/basic/tests/observability_overview/observability_overview.ts
index 268bbec6b092..f7c459029c7f 100644
--- a/x-pack/test/apm_api_integration/basic/tests/observability_overview/observability_overview.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/observability_overview/observability_overview.ts
@@ -4,7 +4,7 @@
* you may not use this file except in compliance with the Elastic License.
*/
import expect from '@kbn/expect';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
export default function ApiTest({ getService }: FtrProviderContext) {
diff --git a/x-pack/test/apm_api_integration/basic/tests/service_maps/service_maps.ts b/x-pack/test/apm_api_integration/basic/tests/service_maps/service_maps.ts
index 3820a7665105..f44b1561f2a5 100644
--- a/x-pack/test/apm_api_integration/basic/tests/service_maps/service_maps.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/service_maps/service_maps.ts
@@ -5,7 +5,7 @@
*/
import expect from '@kbn/expect';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
export default function serviceMapsApiTests({ getService }: FtrProviderContext) {
diff --git a/x-pack/test/apm_api_integration/basic/tests/service_overview/dependencies/index.ts b/x-pack/test/apm_api_integration/basic/tests/service_overview/dependencies/index.ts
index 3349580f5906..aeb5d1256796 100644
--- a/x-pack/test/apm_api_integration/basic/tests/service_overview/dependencies/index.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/service_overview/dependencies/index.ts
@@ -13,7 +13,7 @@ import { isFiniteNumber } from '../../../../../../plugins/apm/common/utils/is_fi
import { APIReturnType } from '../../../../../../plugins/apm/public/services/rest/createCallApmApi';
import { ENVIRONMENT_ALL } from '../../../../../../plugins/apm/common/environment_filter_values';
import { FtrProviderContext } from '../../../../../common/ftr_provider_context';
-import archives from '../../../../common/archives_metadata';
+import archives from '../../../../common/fixtures/es_archiver/archives_metadata';
import { apmDependenciesMapping, createServiceDependencyDocs } from './es_utils';
const round = (num: Maybe): string => (isFiniteNumber(num) ? num.toPrecision(4) : '');
diff --git a/x-pack/test/apm_api_integration/basic/tests/service_overview/error_groups.ts b/x-pack/test/apm_api_integration/basic/tests/service_overview/error_groups.ts
index eb89f435082a..7d1c05960f3e 100644
--- a/x-pack/test/apm_api_integration/basic/tests/service_overview/error_groups.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/service_overview/error_groups.ts
@@ -8,7 +8,7 @@ import expect from '@kbn/expect';
import qs from 'querystring';
import { pick, uniqBy } from 'lodash';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
-import archives from '../../../common/archives_metadata';
+import archives from '../../../common/fixtures/es_archiver/archives_metadata';
export default function ApiTest({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
diff --git a/x-pack/test/apm_api_integration/basic/tests/service_overview/instances.ts b/x-pack/test/apm_api_integration/basic/tests/service_overview/instances.ts
index 04fe1d501c86..2227a8c09a6c 100644
--- a/x-pack/test/apm_api_integration/basic/tests/service_overview/instances.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/service_overview/instances.ts
@@ -10,7 +10,7 @@ import { pick, sortBy } from 'lodash';
import { isFiniteNumber } from '../../../../../plugins/apm/common/utils/is_finite_number';
import { APIReturnType } from '../../../../../plugins/apm/public/services/rest/createCallApmApi';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
-import archives from '../../../common/archives_metadata';
+import archives from '../../../common/fixtures/es_archiver/archives_metadata';
export default function ApiTest({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
diff --git a/x-pack/test/apm_api_integration/basic/tests/services/agent_name.ts b/x-pack/test/apm_api_integration/basic/tests/services/agent_name.ts
index ee835fde680e..cea8fb5da242 100644
--- a/x-pack/test/apm_api_integration/basic/tests/services/agent_name.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/services/agent_name.ts
@@ -6,7 +6,7 @@
import expect from '@kbn/expect';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
-import archives from '../../../common/archives_metadata';
+import archives from '../../../common/fixtures/es_archiver/archives_metadata';
export default function ApiTest({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
diff --git a/x-pack/test/apm_api_integration/basic/tests/services/service_details.ts b/x-pack/test/apm_api_integration/basic/tests/services/service_details.ts
index 283fa6d17c15..54bd16e6f78c 100644
--- a/x-pack/test/apm_api_integration/basic/tests/services/service_details.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/services/service_details.ts
@@ -7,7 +7,7 @@
import expect from '@kbn/expect';
import url from 'url';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
-import archives from '../../../common/archives_metadata';
+import archives from '../../../common/fixtures/es_archiver/archives_metadata';
export default function ApiTest({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
diff --git a/x-pack/test/apm_api_integration/basic/tests/services/service_icons.ts b/x-pack/test/apm_api_integration/basic/tests/services/service_icons.ts
index 3b8fcccca693..4b79de14551d 100644
--- a/x-pack/test/apm_api_integration/basic/tests/services/service_icons.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/services/service_icons.ts
@@ -7,7 +7,7 @@
import expect from '@kbn/expect';
import url from 'url';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
-import archives from '../../../common/archives_metadata';
+import archives from '../../../common/fixtures/es_archiver/archives_metadata';
export default function ApiTest({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
diff --git a/x-pack/test/apm_api_integration/basic/tests/services/throughput.ts b/x-pack/test/apm_api_integration/basic/tests/services/throughput.ts
index 94ad26f69c49..07a1442d751b 100644
--- a/x-pack/test/apm_api_integration/basic/tests/services/throughput.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/services/throughput.ts
@@ -6,7 +6,7 @@
import expect from '@kbn/expect';
import qs from 'querystring';
import { first, last } from 'lodash';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
export default function ApiTest({ getService }: FtrProviderContext) {
diff --git a/x-pack/test/apm_api_integration/basic/tests/services/top_services.ts b/x-pack/test/apm_api_integration/basic/tests/services/top_services.ts
index b16067767333..98bfe84cf56e 100644
--- a/x-pack/test/apm_api_integration/basic/tests/services/top_services.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/services/top_services.ts
@@ -8,7 +8,7 @@ import expect from '@kbn/expect';
import { isEmpty, pick, sortBy } from 'lodash';
import { APIReturnType } from '../../../../../plugins/apm/public/services/rest/createCallApmApi';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
export default function ApiTest({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
diff --git a/x-pack/test/apm_api_integration/basic/tests/services/transaction_types.ts b/x-pack/test/apm_api_integration/basic/tests/services/transaction_types.ts
index 40b6db6997f8..fcfe1660d58e 100644
--- a/x-pack/test/apm_api_integration/basic/tests/services/transaction_types.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/services/transaction_types.ts
@@ -5,7 +5,7 @@
*/
import expect from '@kbn/expect';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
export default function ApiTest({ getService }: FtrProviderContext) {
diff --git a/x-pack/test/apm_api_integration/basic/tests/traces/top_traces.ts b/x-pack/test/apm_api_integration/basic/tests/traces/top_traces.ts
index 73659c3d4c58..2ce3ba383829 100644
--- a/x-pack/test/apm_api_integration/basic/tests/traces/top_traces.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/traces/top_traces.ts
@@ -5,7 +5,7 @@
*/
import expect from '@kbn/expect';
import { sortBy } from 'lodash';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
export default function ApiTest({ getService }: FtrProviderContext) {
diff --git a/x-pack/test/apm_api_integration/basic/tests/transactions/breakdown.ts b/x-pack/test/apm_api_integration/basic/tests/transactions/breakdown.ts
index f5a668ac8454..947defca05d9 100644
--- a/x-pack/test/apm_api_integration/basic/tests/transactions/breakdown.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/transactions/breakdown.ts
@@ -4,7 +4,7 @@
* you may not use this file except in compliance with the Elastic License.
*/
import expect from '@kbn/expect';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
export default function ApiTest({ getService }: FtrProviderContext) {
diff --git a/x-pack/test/apm_api_integration/basic/tests/transactions/distribution.ts b/x-pack/test/apm_api_integration/basic/tests/transactions/distribution.ts
index 924f8a318721..890b6af728d5 100644
--- a/x-pack/test/apm_api_integration/basic/tests/transactions/distribution.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/transactions/distribution.ts
@@ -6,7 +6,7 @@
import expect from '@kbn/expect';
import qs from 'querystring';
import { isEmpty } from 'lodash';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
export default function ApiTest({ getService }: FtrProviderContext) {
diff --git a/x-pack/test/apm_api_integration/basic/tests/transactions/error_rate.ts b/x-pack/test/apm_api_integration/basic/tests/transactions/error_rate.ts
index e90d23aadcbb..22d9a7eba7fb 100644
--- a/x-pack/test/apm_api_integration/basic/tests/transactions/error_rate.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/transactions/error_rate.ts
@@ -6,7 +6,7 @@
import expect from '@kbn/expect';
import { first, last } from 'lodash';
import { format } from 'url';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
export default function ApiTest({ getService }: FtrProviderContext) {
diff --git a/x-pack/test/apm_api_integration/basic/tests/transactions/latency.ts b/x-pack/test/apm_api_integration/basic/tests/transactions/latency.ts
index c657d3707241..3088f4fd481d 100644
--- a/x-pack/test/apm_api_integration/basic/tests/transactions/latency.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/transactions/latency.ts
@@ -4,7 +4,7 @@
* you may not use this file except in compliance with the Elastic License.
*/
import expect from '@kbn/expect';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { PromiseReturnType } from '../../../../../plugins/observability/typings/common';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
diff --git a/x-pack/test/apm_api_integration/basic/tests/transactions/throughput.ts b/x-pack/test/apm_api_integration/basic/tests/transactions/throughput.ts
index 5a7daf8d4290..1013f3a19d71 100644
--- a/x-pack/test/apm_api_integration/basic/tests/transactions/throughput.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/transactions/throughput.ts
@@ -5,7 +5,7 @@
*/
import expect from '@kbn/expect';
import url from 'url';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { PromiseReturnType } from '../../../../../plugins/observability/typings/common';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
diff --git a/x-pack/test/apm_api_integration/basic/tests/transactions/top_transaction_groups.ts b/x-pack/test/apm_api_integration/basic/tests/transactions/top_transaction_groups.ts
index a544021c58de..dac36ae8b330 100644
--- a/x-pack/test/apm_api_integration/basic/tests/transactions/top_transaction_groups.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/transactions/top_transaction_groups.ts
@@ -5,7 +5,7 @@
*/
import expect from '@kbn/expect';
import { sortBy } from 'lodash';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
function sortTransactionGroups(items: any[]) {
diff --git a/x-pack/test/apm_api_integration/basic/tests/transactions/transactions_groups_overview.ts b/x-pack/test/apm_api_integration/basic/tests/transactions/transactions_groups_overview.ts
index a95b5143c9ed..be978b2a8261 100644
--- a/x-pack/test/apm_api_integration/basic/tests/transactions/transactions_groups_overview.ts
+++ b/x-pack/test/apm_api_integration/basic/tests/transactions/transactions_groups_overview.ts
@@ -8,7 +8,7 @@ import expect from '@kbn/expect';
import { pick, uniqBy, sortBy } from 'lodash';
import url from 'url';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
-import archives from '../../../common/archives_metadata';
+import archives from '../../../common/fixtures/es_archiver/archives_metadata';
export default function ApiTest({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
diff --git a/x-pack/test/apm_api_integration/common/archives_metadata.ts b/x-pack/test/apm_api_integration/common/fixtures/es_archiver/archives_metadata.ts
similarity index 100%
rename from x-pack/test/apm_api_integration/common/archives_metadata.ts
rename to x-pack/test/apm_api_integration/common/fixtures/es_archiver/archives_metadata.ts
diff --git a/x-pack/test/apm_api_integration/trial/tests/correlations/slow_transactions.ts b/x-pack/test/apm_api_integration/trial/tests/correlations/slow_transactions.ts
index 5217a4be40da..9a868373292f 100644
--- a/x-pack/test/apm_api_integration/trial/tests/correlations/slow_transactions.ts
+++ b/x-pack/test/apm_api_integration/trial/tests/correlations/slow_transactions.ts
@@ -7,7 +7,7 @@
import expect from '@kbn/expect';
import { format } from 'url';
import { APIReturnType } from '../../../../../plugins/apm/public/services/rest/createCallApmApi';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
export default function ApiTest({ getService }: FtrProviderContext) {
diff --git a/x-pack/test/apm_api_integration/trial/tests/service_maps/service_maps.ts b/x-pack/test/apm_api_integration/trial/tests/service_maps/service_maps.ts
index 4dd376f8d778..02acd34ad566 100644
--- a/x-pack/test/apm_api_integration/trial/tests/service_maps/service_maps.ts
+++ b/x-pack/test/apm_api_integration/trial/tests/service_maps/service_maps.ts
@@ -7,7 +7,7 @@
import querystring from 'querystring';
import expect from '@kbn/expect';
import { isEmpty, uniq } from 'lodash';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
import { PromiseReturnType } from '../../../../../plugins/observability/typings/common';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
diff --git a/x-pack/test/apm_api_integration/trial/tests/services/top_services.ts b/x-pack/test/apm_api_integration/trial/tests/services/top_services.ts
index 92f9a96136f1..e37d98b41b7a 100644
--- a/x-pack/test/apm_api_integration/trial/tests/services/top_services.ts
+++ b/x-pack/test/apm_api_integration/trial/tests/services/top_services.ts
@@ -9,7 +9,7 @@ import { sortBy } from 'lodash';
import { APIReturnType } from '../../../../../plugins/apm/public/services/rest/createCallApmApi';
import { PromiseReturnType } from '../../../../../plugins/observability/typings/common';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
export default function ApiTest({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
diff --git a/x-pack/test/apm_api_integration/trial/tests/transactions/latency.ts b/x-pack/test/apm_api_integration/trial/tests/transactions/latency.ts
index a841dc763526..e0b9559be720 100644
--- a/x-pack/test/apm_api_integration/trial/tests/transactions/latency.ts
+++ b/x-pack/test/apm_api_integration/trial/tests/transactions/latency.ts
@@ -7,7 +7,7 @@
import expect from '@kbn/expect';
import { PromiseReturnType } from '../../../../../plugins/observability/typings/common';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
-import archives_metadata from '../../../common/archives_metadata';
+import archives_metadata from '../../../common/fixtures/es_archiver/archives_metadata';
export default function ApiTest({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
diff --git a/x-pack/tsconfig.json b/x-pack/tsconfig.json
index 56444ed80bc9..c68d93903e70 100644
--- a/x-pack/tsconfig.json
+++ b/x-pack/tsconfig.json
@@ -1,8 +1,14 @@
{
"extends": "../tsconfig.base.json",
- "include": ["mocks.ts", "typings/**/*", "plugins/**/*", "tasks/**/*"],
+ "include": [
+ "mocks.ts",
+ "typings/**/*",
+ "plugins/**/*",
+ "tasks/**/*"
+ ],
"exclude": [
"plugins/apm/e2e/cypress/**/*",
+ "plugins/apm/ftr_e2e/**/*",
"plugins/apm/scripts/**/*",
"plugins/console_extensions/**/*",
"plugins/data_enhanced/**/*",
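Review bot: The added `"plugins/apm/ftr_e2e/**/*",` entry in `exclude` removes the new directory from the x-pack type check, and the same commit registers `apm/ftr_e2e` in `src/dev/typescript/projects.ts` with `disableTypeCheck: true`, so as far as this diff shows nothing type-checks the new FTR config and tests. That config assembles the Elasticsearch and Kibana server arguments for the test run (including `xpack.security.enabled=true`), so a wrong import or a mistyped provider call there would surface only at run time. If the directory's own `tsconfig.json` compiles cleanly, drop `disableTypeCheck: true` from the `apm/ftr_e2e` project entry. Otherwise record the reason next to that entry, for example `// type check disabled: ftr_e2e does not yet compile standalone`. Separately, the reflow of `include` here and of `references` in the next hunk changes formatting only and leaves the file without a final newline; reverting it would reduce the change to the one exclude line.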
@@ -32,58 +38,161 @@
"incremental": false
},
"references": [
- { "path": "../src/core/tsconfig.json" },
- { "path": "../src/plugins/telemetry_management_section/tsconfig.json" },
- { "path": "../src/plugins/management/tsconfig.json" },
- { "path": "../src/plugins/bfetch/tsconfig.json" },
- { "path": "../src/plugins/charts/tsconfig.json" },
- { "path": "../src/plugins/console/tsconfig.json" },
- { "path": "../src/plugins/dashboard/tsconfig.json" },
- { "path": "../src/plugins/discover/tsconfig.json" },
- { "path": "../src/plugins/data/tsconfig.json" },
- { "path": "../src/plugins/dev_tools/tsconfig.json" },
- { "path": "../src/plugins/embeddable/tsconfig.json" },
- { "path": "../src/plugins/es_ui_shared/tsconfig.json" },
- { "path": "../src/plugins/expressions/tsconfig.json" },
- { "path": "../src/plugins/home/tsconfig.json" },
- { "path": "../src/plugins/inspector/tsconfig.json" },
- { "path": "../src/plugins/kibana_legacy/tsconfig.json" },
- { "path": "../src/plugins/kibana_react/tsconfig.json" },
- { "path": "../src/plugins/kibana_usage_collection/tsconfig.json" },
- { "path": "../src/plugins/kibana_utils/tsconfig.json" },
- { "path": "../src/plugins/navigation/tsconfig.json" },
- { "path": "../src/plugins/newsfeed/tsconfig.json" },
- { "path": "../src/plugins/saved_objects/tsconfig.json" },
- { "path": "../src/plugins/saved_objects_management/tsconfig.json" },
- { "path": "../src/plugins/saved_objects_tagging_oss/tsconfig.json" },
- { "path": "../src/plugins/presentation_util/tsconfig.json" },
- { "path": "../src/plugins/security_oss/tsconfig.json" },
- { "path": "../src/plugins/share/tsconfig.json" },
- { "path": "../src/plugins/telemetry/tsconfig.json" },
- { "path": "../src/plugins/telemetry_collection_manager/tsconfig.json" },
- { "path": "../src/plugins/url_forwarding/tsconfig.json" },
- { "path": "../src/plugins/ui_actions/tsconfig.json" },
- { "path": "../src/plugins/url_forwarding/tsconfig.json" },
- { "path": "../src/plugins/usage_collection/tsconfig.json" },
-
- { "path": "./plugins/console_extensions/tsconfig.json" },
- { "path": "./plugins/data_enhanced/tsconfig.json" },
- { "path": "./plugins/discover_enhanced/tsconfig.json" },
- { "path": "./plugins/global_search/tsconfig.json" },
- { "path": "./plugins/global_search_providers/tsconfig.json" },
- { "path": "./plugins/features/tsconfig.json" },
- { "path": "./plugins/graph/tsconfig.json" },
- { "path": "./plugins/embeddable_enhanced/tsconfig.json" },
- { "path": "./plugins/event_log/tsconfig.json"},
- { "path": "./plugins/licensing/tsconfig.json" },
- { "path": "./plugins/searchprofiler/tsconfig.json" },
- { "path": "./plugins/task_manager/tsconfig.json" },
- { "path": "./plugins/telemetry_collection_xpack/tsconfig.json" },
- { "path": "./plugins/ui_actions_enhanced/tsconfig.json" },
- { "path": "./plugins/vis_type_timeseries_enhanced/tsconfig.json" },
- { "path": "./plugins/translations/tsconfig.json" },
- { "path": "./plugins/spaces/tsconfig.json" },
- { "path": "./plugins/security/tsconfig.json" },
- { "path": "./plugins/encrypted_saved_objects/tsconfig.json" }
+ {
+ "path": "../src/core/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/telemetry_management_section/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/management/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/bfetch/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/charts/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/console/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/dashboard/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/discover/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/data/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/dev_tools/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/embeddable/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/es_ui_shared/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/expressions/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/home/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/inspector/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/kibana_legacy/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/kibana_react/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/kibana_usage_collection/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/kibana_utils/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/navigation/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/newsfeed/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/saved_objects/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/saved_objects_management/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/saved_objects_tagging_oss/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/presentation_util/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/security_oss/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/share/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/telemetry/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/telemetry_collection_manager/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/url_forwarding/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/ui_actions/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/url_forwarding/tsconfig.json"
+ },
+ {
+ "path": "../src/plugins/usage_collection/tsconfig.json"
+ },
+ {
+ "path": "./plugins/console_extensions/tsconfig.json"
+ },
+ {
+ "path": "./plugins/data_enhanced/tsconfig.json"
+ },
+ {
+ "path": "./plugins/discover_enhanced/tsconfig.json"
+ },
+ {
+ "path": "./plugins/global_search/tsconfig.json"
+ },
+ {
+ "path": "./plugins/global_search_providers/tsconfig.json"
+ },
+ {
+ "path": "./plugins/features/tsconfig.json"
+ },
+ {
+ "path": "./plugins/graph/tsconfig.json"
+ },
+ {
+ "path": "./plugins/embeddable_enhanced/tsconfig.json"
+ },
+ {
+ "path": "./plugins/event_log/tsconfig.json"
+ },
+ {
+ "path": "./plugins/licensing/tsconfig.json"
+ },
+ {
+ "path": "./plugins/searchprofiler/tsconfig.json"
+ },
+ {
+ "path": "./plugins/task_manager/tsconfig.json"
+ },
+ {
+ "path": "./plugins/telemetry_collection_xpack/tsconfig.json"
+ },
+ {
+ "path": "./plugins/ui_actions_enhanced/tsconfig.json"
+ },
+ {
+ "path": "./plugins/vis_type_timeseries_enhanced/tsconfig.json"
+ },
+ {
+ "path": "./plugins/translations/tsconfig.json"
+ },
+ {
+ "path": "./plugins/spaces/tsconfig.json"
+ },
+ {
+ "path": "./plugins/security/tsconfig.json"
+ },
+ {
+ "path": "./plugins/encrypted_saved_objects/tsconfig.json"
+ }
]
-}
+}
\ No newline at end of file