ramackri commented on code in PR #986:
URL: https://github.com/apache/ranger/pull/986#discussion_r3317267402
##########
dev-support/ranger-docker/scripts/opensearch/ranger_es_schema.json:
##########
@@ -0,0 +1,133 @@
+{
+ "properties": {
+ "_expire_at_": {
+ "type": "date",
+ "store": true,
+ "doc_values": true
+ },
+ "_ttl_": {
+ "type": "text",
+ "store": true
+ },
+ "_version_": {
+ "type": "long",
+ "store": true,
+ "index": false
+ },
+ "access": {
+ "type": "keyword"
+ },
+ "action": {
+ "type": "keyword"
+ },
+ "agent": {
+ "type": "keyword"
+ },
+ "agentHost": {
+ "type": "keyword"
+ },
+ "cliIP": {
+ "type": "keyword"
+ },
+ "cliType": {
+ "type": "keyword"
+ },
+ "cluster": {
+ "type": "keyword"
+ },
+ "reqContext": {
+ "type": "keyword"
+ },
+ "enforcer": {
+ "type": "keyword"
+ },
+ "event_count": {
+ "type": "long",
+ "doc_values": true
+ },
+ "event_dur_ms": {
+ "type": "long",
+ "doc_values": true
+ },
+ "evtTime": {
+ "type": "date",
+ "doc_values": true
+ },
+ "id": {
+ "type": "keyword",
+ "store": true
+ },
+ "logType": {
+ "type": "keyword"
+ },
+ "policy": {
+ "type": "long",
+ "doc_values": true
+ },
+ "proxyUsers": {
+ "type": "keyword"
+ },
+ "reason": {
+ "type": "text"
+ },
+ "repo": {
+ "type": "keyword"
+ },
+ "repoType": {
+ "type": "integer",
+ "doc_values": true
+ },
+ "req_caller_id": {
+ "type": "keyword"
+ },
+ "req_self_id": {
+ "type": "keyword"
+ },
+ "reqData": {
+ "type": "text"
+ },
+ "reqUser": {
+ "type": "keyword"
+ },
+ "resType": {
+ "type": "keyword"
+ },
+ "resource": {
+ "type": "keyword"
+ },
+ "result": {
+ "type": "integer"
+ },
+ "seq_num": {
+ "type": "long",
+ "doc_values": true
+ },
+ "sess": {
+ "type": "keyword"
+ },
+ "tags": {
+ "type": "keyword"
+ },
+ "tags_str": {
+ "type": "text"
+ },
+ "datasets": {
+ "type": "keyword"
+ },
+ "projects": {
+ "type": "keyword"
+ },
+ "datasetIds": {
+ "type": "long"
+ },
+ "text": {
+ "type": "text"
+ },
+ "zoneName": {
+ "type": "keyword"
+ },
+ "policyVersion": {
+ "type": "long"
+ }
+ }
+}
Review Comment:
AuditEventDocMapper indexes additionalInfo (line 93–94) but this schema has
no additionalInfo property. Relying on dynamic mapping may cause type conflicts
vs
security-admin/contrib/elasticsearch_for_audit_setup/conf/ranger_es_schema.json.
Align docker schema with contrib schema for Admin audit UI search.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
