METRON-1393: Fix bro Elasticsearch template (mmiklavc via mmiklavc) closes apache/metron#893
Project: http://git-wip-us.apache.org/repos/asf/metron/repo Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/6f869ae5 Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/6f869ae5 Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/6f869ae5 Branch: refs/heads/feature/METRON-1211-extensions-parsers-gradual Commit: 6f869ae55addc884e6734bef72c854db478b6ee4 Parents: c559ed7 Author: mmiklavc <[email protected]> Authored: Wed Jan 10 10:55:48 2018 -0700 Committer: Michael Miklavcic <[email protected]> Committed: Wed Jan 10 10:55:48 2018 -0700 ---------------------------------------------------------------------- .../CURRENT/package/files/bro_index.template | 75 ++++++++++---------- 1 file changed, 38 insertions(+), 37 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/metron/blob/6f869ae5/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/bro_index.template ----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/bro_index.template b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/bro_index.template
index 01d4f7b..30f2591 100644
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/bro_index.template
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/bro_index.template
@@ -241,12 +241,10 @@
 "type": "integer"
 },
 "info_msg": {
- "type": "string",
- "index": "not_analyzed"
+ "type": "keyword"
 },
 "tags": {
- "type": "string",
- "index": "not_analyzed"
+ "type": "keyword"
 },
 "username": {
 "type": "keyword"
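Review bot: The new `keyword` mappings for `info_msg` and `tags` set no `ignore_above`, and the same holds for the other `keyword` conversions in the hunks at `@@ -298`, `@@ -555`, `@@ -708`, `@@ -724` and `@@ -986`. Several of these fields presumably carry strings taken from observed traffic, and a keyword value longer than Lucene's 32766-byte term limit makes Elasticsearch reject the whole document, which would leave a gap in the indexed Bro telemetry. If nothing upstream bounds the length (not visible in this diff), consider a cap such as `"type": "keyword", "ignore_above": 8191` (the value is an example) so the event is still indexed without the oversized term. The enclosing properties object starts and ends outside the hunk.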
@@ -255,26 +253,31 @@
 "type": "keyword"
 },
 "proxied": {
- "type": "string",
- "index": "not_analyzed"
+ "type": "keyword"
 },
 "orig_fuids": {
- "type": "string"
+ "type": "text",
+ "fielddata": "true"
 },
 "orig_filenames": {
- "type": "string"
+ "type": "text",
+ "fielddata": "true"
 },
 "orig_mime_types": {
- "type": "string"
+ "type": "text",
+ "fielddata": "true"
 },
 "resp_fuids": {
- "type": "string"
+ "type": "text",
+ "fielddata": "true"
 },
 "resp_filenames": {
- "type": "string"
+ "type": "text",
+ "fielddata": "true"
 },
 "resp_mime_types": {
- "type": "string"
+ "type": "text",
+ "fielddata": "true"
 },
 /*
 * DNS log support
@@ -298,8 +301,7 @@
 "type": "long"
 },
 "rtt": {
- "type": "string",
- "index": "not_analyzed"
+ "type": "keyword"
 },
 "query": {
 "type": "keyword"
@@ -342,7 +344,8 @@
 "fielddata": "true"
 },
 "TTLs": {
- "type": "string"
+ "type": "text",
+ "fielddata": "true"
 },
 "rejected": {
 "type": "boolean"
@@ -555,8 +558,7 @@
 "type": "keyword"
 },
 "extracted": {
- "type": "string",
- "index": "not_analyzed"
+ "type": "keyword"
 },
 "extracted_cutoff": {
 "type": "boolean"
@@ -640,7 +642,8 @@
 "analyzer": "simple"
 },
 "cc": {
- "type": "string",
+ "type": "text",
+ "fielddata": "true",
 "analyzer": "simple"
 },
 "reply_to": {
@@ -708,8 +711,7 @@
 "type": "boolean"
 },
 "server_appdata": {
- "type": "string",
- "index": "not_analyzed"
+ "type": "keyword"
 },
 "client_appdata": {
 "type": "boolean"
@@ -724,26 +726,24 @@
 "type": "boolean"
 },
 "cert_chain_fuids": {
- "type": "string"
+ "type": "text",
+ "fielddata": "true"
 },
 "client_cert_chain_fuids": {
- "type": "string"
+ "type": "text",
+ "fielddata": "true"
 },
 "issuer": {
- "type": "string",
- "index": "not_analyzed"
+ "type": "keyword"
 },
 "client_subject": {
- "type": "string",
- "index": "not_analyzed"
+ "type": "keyword"
 },
 "client_issuer": {
- "type": "string",
- "index": "not_analyzed"
+ "type": "keyword"
 },
 "validation_status": {
- "type": "string",
- "index": "not_analyzed"
+ "type": "keyword"
 },
 /*
 * Weird log support
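Review bot: `orig_fuids`, `resp_fuids` and the `*_mime_types` fields in the `@@ -255` hunk look like identifiers rather than prose, yet they are mapped as analyzed `text` with `"fielddata": "true"`; the same applies to `cert_chain_fuids` and `client_cert_chain_fuids` at `@@ -724` and to the `remote_location:*` fields at `@@ -837`. No analyzer is named, so the default one presumably applies and values are tokenised and lowercased: sorts and aggregations then return tokens instead of the original value, and an exact `term` lookup on a file UID may not match when pivoting between logs. Fielddata is also built on the JVM heap at query time, which can put memory pressure on the cluster for high-cardinality fields. If these fields only need exact match, sorting and aggregation, `"type": "keyword"` provides that from on-disk doc values; where full-text search is also wanted, a `keyword` sub-field under `fields` keeps both.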
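Review bot: `rtt` in the `@@ -298` hunk, like `ttl` at `@@ -986`, stays a `keyword`, so range filters and sorts on it compare strings rather than numbers, which limits threshold-style detections on these values. If the parser emits them as numeric durations (this cannot be confirmed from the diff), `"type": "double"` would allow numeric range queries. If they are kept as keywords deliberately for compatibility with existing indices, a one-line comment next to each field, such as `/* kept as keyword for compatibility with existing indices */`, would record that.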
@@ -837,13 +837,16 @@
 "type": "boolean"
 },
 "remote_location:country_code": {
- "type": "string"
+ "type": "text",
+ "fielddata": "true"
 },
 "remote_location:region": {
- "type": "string"
+ "type": "text",
+ "fielddata": "true"
 },
 "remote_location:city": {
- "type": "string"
+ "type": "text",
+ "fielddata": "true"
 },
 "remote_location:latitude": {
 "type": "double"
@@ -986,15 +989,13 @@
 "type": "keyword"
 },
 "reply_msg": {
- "type": "string",
- "index": "not_analyzed"
+ "type": "keyword"
 },
 "result": {
 "type": "keyword"
 },
 "ttl": {
- "type": "string",
- "index": "not_analyzed"
+ "type": "keyword"
 },
 /*
 * X509 log support
