新建索引后，对 dac_db_test/test/_mappings 发送 POST 请求来设置字段映射，请求体如下。
注意：下面的弯引号（“ ”）是排版造成的，实际发送前需替换为 ASCII 直引号（"），否则请求体不是合法的 JSON。
{
“test”: {
“properties”: {
“server_name”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“suspicious_url”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“che_result_static”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“src_ip_city”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“user_name”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“file_direct”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“threat_score”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“dst_ip”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“src_ip”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“dst_ip_city”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“log_type”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“protocol”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“file_type”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“categories”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“suspicious_addr”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“suspicious_domain”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“file_name”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“end_time”: {
“type”: “long”
},
“dst_ip_country”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“file_size”: {
“type”: “long”
},
“src_port”: {
“type”: “long”
},
“start_time”: {
“type”: “long”
},
“dst_port”: {
“type”: “long”
},
“organizations”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“callback”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“event_level”: {
“type”: “long”
},
“dev_ip”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“src_ip_country”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“family”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“ioc”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“match_tag”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
},
“md5”: {
“type”: “keyword”,
“fields”: {
“keyword”: {
“ignore_above”: 256,
“type”: “keyword”
}
}
}
}
}
}