From 54a6a944aa362a2eb8739f82e307873a49dfce1a Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Tue, 25 Aug 2020 12:25:59 +0000
Subject: [PATCH] prep for ipphoney
---
 docker/elk/logstash/dist/logstash.conf | 1 +
 docker/elk/logstash/dist/update.sh | 38 +++++++++++++++++++++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index 530e38fd..2e486f34 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -429,6 +429,7 @@ filter {
 }
 mutate {
 rename => {
+ "query" => "ipp_query"
 "content_type" => "http.http_content_type"
 "dst_port" => "dest_port"
 "dst_ip" => "dest_ip"
diff --git a/docker/elk/logstash/dist/update.sh b/docker/elk/logstash/dist/update.sh
index 29e0df5e..fb4555ed 100644
--- a/docker/elk/logstash/dist/update.sh
+++ b/docker/elk/logstash/dist/update.sh
@@ -56,6 +56,42 @@ curl -s -XPUT "http://elasticsearch:9200/_template/logstash" -H 'Content-Type: a
 "index.query": {
 "default_field": "*"
 }
- }
+ },
+ "mappings" : {
+ "dynamic_templates" : [ {
+ "message_field" : {
+ "path_match" : "message",
+ "match_mapping_type" : "string",
+ "mapping" : {
+ "type" : "text",
+ "norms" : false
+ }
+ }
+ }, {
+ "string_fields" : {
+ "match" : "*",
+ "match_mapping_type" : "string",
+ "mapping" : {
+ "type" : "text", "norms" : false,
+ "fields" : {
+ "keyword" : { "type": "keyword", "ignore_above": 256 }
+ }
+ }
+ }
+ } ],
+ "properties" : {
+ "@timestamp": { "type": "date"},
+ "@version": { "type": "keyword"},
+ "geoip" : {
+ "dynamic": true,
+ "properties" : {
+ "ip": { "type": "ip" },
+ "location" : { "type" : "geo_point" },
+ "latitude" : { "type" : "half_float" },
+ "longitude" : { "type" : "half_float" }
+ }
+ }
+ }
+ }
 }'
 echo
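Review bot: The new rename `"query" => "ipp_query"` carries no comment saying which input produces `query`, and its underscore prefix differs from the neighbouring renames, which use either a dotted namespace (`http.http_content_type`) or ECS-style names (`dest_port`, `dest_ip`). The subject line suggests this is the ipphoney request field, so a one-line comment above the added line such as `# ipphoney: raw IPP request attributes, kept as ipp_query` — or a name like `ipp.query` to follow the dotted convention — would keep the block self-explanatory. The `if` branch enclosing this mutate starts outside the hunk, so it is not visible here whether the rename applies only to ipphoney events; if the block is shared, any other input carrying a `query` field would be renamed as well.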
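Review bot: The added mapping body mixes two spacing styles for the same construct — `"type" : "text"` and `"norms" : false` in the dynamic templates versus `"type": "date"`, `"dynamic": true` and the unbalanced `{ "type": "date"}` under `properties` — and the second template packs `"type" : "text", "norms" : false,` onto one line while the first splits it across two; since the whole body is a static JSON string handed to curl, one consistent style (`"key": value`, one property per line) would make it easier to diff against the stock Logstash template it appears to mirror. Note also that `string_fields` matches `*`, so every string field — including the `ipp_query` field this commit introduces in logstash.conf — becomes `text` plus a `keyword` subfield capped by `ignore_above: 256`; if that field carries full request attributes, values longer than 256 characters remain searchable but not aggregatable, which deserves a comment next to the template or a dedicated `ipp_query` entry under `properties`. The enclosing curl command starts before the hunk.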