{ "app-000001": { "mappings": { "_doc": { "_meta": { "version": "2020.01.23.0" }, "dynamic_templates": [ { "aushape_generic_nested_fields": { "path_match": "aushape.data.*.*.*", "mapping": { "index": true, "type": "text" } } }, { "aushape_generic_fields": { "path_match": "aushape.data.*.*", "mapping": { "index": true, "type": "text" } } }, { "aushape_generic_records": { "path_match": "aushape.data.*", "mapping": { "type": "object" } } }, { "message_field": { "match": "message", "match_mapping_type": "string", "mapping": { "index": true, "norms": false, "type": "text" } } }, { "string_fields": { "match": "*", "match_mapping_type": "string", "mapping": { "fields": { "raw": { "ignore_above": 256, "index": false, "type": "keyword" } }, "index": true, "norms": true, "type": "text" } } } ], "date_detection": false, "properties": { "@timestamp": { "type": "date", "fields": { "raw": { "type": "keyword", "ignore_above": 256 } }, "format": "yyyy-MM-dd HH:mm:ss,SSSZ||yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ||yyyy-MM-dd'T'HH:mm:ssZ||dateOptionalTime" }, "aushape": { "properties": { "data": { "properties": { "avc": { "type": "nested" }, "execve": { "type": "text" }, "netfilter_cfg": { "type": "nested" }, "obj_pid": { "type": "nested" }, "path": { "type": "nested" } } }, "error": { "type": "text" }, "node": { "type": "keyword" }, "serial": { "type": "long" }, "text": { "type": "text" }, "trimmed": { "type": "keyword" } } }, "docker": { "properties": { "command": { "type": "keyword" }, "container_id": { "type": "keyword" }, "container_id_short": { "type": "keyword" }, "container_image": { "type": "keyword" }, "container_name": { "type": "text", "fields": { "raw": { "type": "keyword", "ignore_above": 256 } } }, "operation": { "type": "keyword" }, "pid": { "type": "keyword" }, "reason": { "type": "keyword" }, "result": { "type": "keyword" }, "sauid": { "type": "keyword" }, "user": { "type": "keyword" } } }, "file": { "type": "text", "fields": { "raw": { "type": "keyword", "ignore_above": 256 } } }, "geoip": { "dynamic": "true", "properties": { "location": { "type": "geo_point" } } }, "hostname": { "type": "keyword" }, "ipaddr4": { "type": "ip", "fields": { "raw": { "type": "keyword", "ignore_above": 256 } } }, "ipaddr6": { "type": "ip" }, "kubernetes": { "properties": { "container_image": { "type": "text", "fields": { "raw": { "type": "keyword", "index": false, "ignore_above": 256 } } }, "container_image_id": { "type": "text", "fields": { "raw": { "type": "keyword", "index": false, "ignore_above": 256 } } }, "container_name": { "type": "text", "fields": { "raw": { "type": "keyword", "ignore_above": 256 } } }, "event": { "properties": { "count": { "type": "integer" }, "firstTimestamp": { "type": "date", "format": "yyyy-MM-dd HH:mm:ss,SSSZ||yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ||yyyy-MM-dd'T'HH:mm:ssZ||dateOptionalTime" }, "involvedObject": { "properties": { "apiVersion": { "type": "keyword" }, "kind": { "type": "keyword" }, "name": { "type": "keyword" }, "namespace": { "type": "keyword" }, "resourceVersion": { "type": "keyword" }, "uid": { "type": "keyword" } } }, "metadata": { "properties": { "name": { "type": "keyword" }, "namespace": { "type": "keyword" }, "resourceVersion": { "type": "integer" }, "selfLink": { "type": "keyword" }, "uid": { "type": "keyword" } } }, "reason": { "type": "keyword" }, "source_component": { "type": "keyword" }, "type": { "type": "keyword" }, "verb": { "type": "keyword" } } }, "flat_labels": { "type": "text", "fields": { "raw": { "type": "keyword", "index": false, "ignore_above": 256 } } }, "host": { "type": "keyword", "norms": true }, "labels": { "properties": { "component": { "type": "keyword" }, "deployment": { "type": "keyword" }, "deploymentconfig": { "type": "keyword", "fields": { "raw": { "type": "keyword", "ignore_above": 64 } } }, "provider": { "type": "keyword" } } }, "master_url": { "type": "keyword" }, "namespace_id": { "type": "keyword", "norms": true }, "namespace_labels": { "properties": { "openshift_io/cluster-monitoring": { "type": "text", "fields": { "raw": { "type": "keyword", "index": false, "ignore_above": 256 } } } } }, "namespace_name": { "type": "keyword", "norms": true }, "pod_id": { "type": "keyword", "norms": true }, "pod_name": { "type": "keyword", "norms": true } } }, "level": { "type": "keyword" }, "message": { "type": "text", "norms": false }, "namespace_name": { "type": "keyword", "doc_values": false }, "namespace_uuid": { "type": "keyword" }, "offset": { "type": "long" }, "ovirt": { "properties": { "class": { "type": "keyword" }, "cluster_name": { "type": "keyword" }, "correlationid": { "type": "keyword" }, "engine_fqdn": { "type": "keyword" }, "entity": { "type": "keyword" }, "host_id": { "type": "keyword" }, "module_lineno": { "type": "keyword" }, "thread": { "type": "keyword" } } }, "pid": { "type": "keyword" }, "pipeline_metadata": { "properties": { "@version": { "type": "keyword" }, "collector": { "properties": { "hostname": { "type": "keyword" }, "inputname": { "type": "keyword" }, "ipaddr4": { "type": "ip", "fields": { "raw": { "type": "keyword", "ignore_above": 256 } } }, "ipaddr6": { "type": "ip" }, "name": { "type": "keyword" }, "original_raw_message": { "type": "text", "fields": { "raw": { "type": "keyword", "ignore_above": 256 } } }, "received_at": { "type": "date", "format": "yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ||yyyy-MM-dd'T'HH:mm:ssZ||dateOptionalTime" }, "version": { "type": "keyword" } } }, "normalizer": { "properties": { "hostname": { "type": "keyword" }, "inputname": { "type": "keyword" }, "ipaddr4": { "type": "ip", "fields": { "raw": { "type": "keyword", "ignore_above": 256 } } }, "ipaddr6": { "type": "ip" }, "name": { "type": "keyword" }, "original_raw_message": { "type": "text", "fields": { "raw": { "type": "keyword", "ignore_above": 256 } } }, "received_at": { "type": "date", "format": "yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ||yyyy-MM-dd'T'HH:mm:ssZ||dateOptionalTime" }, "version": { "type": "keyword" } } }, "trace": { "type": "text", "analyzer": "whitespace" } } }, "rsyslog": { "properties": { "appname": { "type": "keyword" }, "facility": { "type": "keyword" }, "msgid": { "type": "long" }, "protocol-version": { "type": "keyword" }, "structured-data": { "type": "keyword" } } }, "service": { "type": "keyword" }, "systemd": { "properties": { "k": { "properties": { "KERNEL_DEVICE": { "type": "keyword" }, "KERNEL_SUBSYSTEM": { "type": "keyword" }, "UDEV_DEVLINK": { "type": "keyword" }, "UDEV_DEVNODE": { "type": "keyword" }, "UDEV_SYSNAME": { "type": "keyword" } } }, "t": { "properties": { "AUDIT_LOGINUID": { "type": "keyword" }, "AUDIT_SESSION": { "type": "keyword" }, "BOOT_ID": { "type": "keyword" }, "CAP_EFFECTIVE": { "type": "keyword" }, "CMDLINE": { "type": "keyword" }, "COMM": { "type": "keyword" }, "EXE": { "type": "keyword" }, "GID": { "type": "keyword" }, "HOSTNAME": { "type": "keyword" }, "LINE_BREAK": { "type": "keyword" }, "MACHINE_ID": { "type": "keyword" }, "PID": { "type": "keyword" }, "SELINUX_CONTEXT": { "type": "keyword" }, "SOURCE_REALTIME_TIMESTAMP": { "type": "keyword" }, "STREAM_ID": { "type": "keyword" }, "SYSTEMD_CGROUP": { "type": "keyword" }, "SYSTEMD_INVOCATION_ID": { "type": "keyword" }, "SYSTEMD_OWNER_UID": { "type": "keyword" }, "SYSTEMD_SESSION": { "type": "keyword" }, "SYSTEMD_SLICE": { "type": "keyword" }, "SYSTEMD_UNIT": { "type": "keyword" }, "SYSTEMD_USER_UNIT": { "type": "keyword" }, "TRANSPORT": { "type": "keyword" }, "UID": { "type": "keyword" } } }, "u": { "properties": { "CODE_FILE": { "type": "keyword" }, "CODE_FUNCTION": { "type": "keyword" }, "CODE_LINE": { "type": "keyword" }, "ERRNO": { "type": "keyword" }, "MESSAGE_ID": { "type": "keyword" }, "RESULT": { "type": "keyword" }, "SYSLOG_FACILITY": { "type": "keyword" }, "SYSLOG_IDENTIFIER": { "type": "keyword" }, "SYSLOG_PID": { "type": "keyword" }, "UNIT": { "type": "keyword" } } } } }, "tags": { "type": "text", "analyzer": "whitespace" }, "tlog": { "properties": { "id": { "type": "long" }, "in_bin": { "type": "short" }, "in_txt": { "type": "text" }, "out_bin": { "type": "short" }, "out_txt": { "type": "text" }, "pos": { "type": "long" }, "session": { "type": "long" }, "term": { "type": "keyword" }, "timing": { "type": "keyword" }, "user": { "type": "keyword" }, "ver": { "type": "long" } } }, "viaq_index_name": { "type": "keyword" }, "viaq_msg_id": { "type": "keyword" } } } } } }