template elasticsearch6备注

 

### install.sh脚本

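# Path of the event index-template JSON (a file, despite the _DIR suffix; the
# name is kept so existing callers keep working). Overridable from the
# environment so the script is not tied to one install path.
ES_TEMPLATE_DIR=${ES_TEMPLATE_DIR:-/home/xlj/elasticsearch-6.2.3/config/template_event.json}
# Elasticsearch endpoint, overridable from the environment instead of baked in.
# NOTE(review): plain http and no credentials are used here — confirm the
# cluster is only reachable from a trusted network, or add TLS/auth.
ES_URL=${ES_URL:-http://192.168.101.198:9201}

if test -f "$ES_TEMPLATE_DIR" ; then
  echo "generate event template ..."
  # --data-binary @file streams the JSON from disk instead of putting the whole
  # document on curl's argv (avoids ARG_MAX limits and exposure via ps).
  # --fail turns an HTTP error into a non-zero exit, so "done" is not printed
  # (and the install does not silently continue) when the PUT was rejected.
  if curl --fail -sS -H "Content-Type: application/json" -X PUT \
      "$ES_URL/_template/template_event" --data-binary @"$ES_TEMPLATE_DIR"; then
    echo "generate event template done ..."
  else
    echo "generate event template failed" >&2
    exit 1
  fi
fi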

### 具体内容 template_event.json

{

    "order": 0,
    "template": "event*",
    "settings": {
        "index": {
            "number_of_shards": "10",
            "number_of_replicas": "1"
        }
    },
    "mappings": {
"event": {
"_all": {
"enabled": false
},
"properties": {
"@timestamp": {
"type": "date"
},
"@version": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"Reason": {
"type": "keyword"
},
"access_name": {
"type": "keyword"
},
"access_path": {
"type": "keyword"
},
"act": {
"type": "keyword"
},
"action": {
"type": "keyword"
},
"addr": {
"type": "keyword"
},
"addr_type": {
"type": "keyword"
},
"alarm_sample": {
"type": "keyword"
},
"alarm_sip": {
"type": "keyword"
},
"alarm_state": {
"type": "keyword"
},
"app_protocol": {
"type": "keyword"
},
"app_type": {
"type": "keyword"
},
"attack_confidence": {
"type": "keyword"
},
"attack_signature": {
"type": "keyword"
},
"attackment_md5": {
"type": "keyword"
},
"attackment_mime_type": {
"type": "keyword"
},
"attackment_name": {
"type": "keyword"
},
"backdoor_class": {
"type": "keyword"
},
"backdoor_hash": {
"type": "keyword"
},
"backdoor_name": {
"type": "keyword"
},
"browser": {
"type": "keyword"
},
"bytes": {
"type": "keyword"
},
"cast_type": {
"type": "keyword"
},
"cert": {
"type": "keyword"
},
"client_os": {
"type": "keyword"
},
"cmd": {
"type": "keyword"
},
"cname": {
"type": "keyword"
},
"cnnvd": {
"type": "keyword"
},
"cnvd": {
"type": "keyword"
},
"collect_type": {
"type": "keyword"
},
"collector_address": {
"type": "ip"
},
"cookie": {
"type": "keyword"
},
"count": {
"type": "keyword"
},
"cpu": {
"type": "long"
},
"cve": {
"type": "keyword"
},
"cvss": {
"type": "keyword"
},
"data": {
"type": "keyword"
},
"db_name": {
"type": "keyword"
},
"db_type": {
"type": "keyword"
},
"dev": {
"type": "keyword"
},
"dev_address": {
"type": "ip"
},
"dev_asset_id": {
"type": "keyword"
},
"dev_asset_type_id": {
"type": "keyword"
},
"dev_name": {
"type": "keyword"
},
"dev_type": {
"type": "keyword"
},
"dns_type": {
"type": "keyword"
},
"down_payload": {
"type": "keyword"
},
"downlink_length": {
"type": "keyword"
},
"dproc": {
"type": "keyword"
},
"dst_address": {
"type": "ip"
},
"dst_as": {
"type": "long"
},
"dst_asset_business_id": {
"type": "keyword"
},
"dst_asset_department_id": {
"type": "keyword"
},
"dst_asset_domain_id": {
"type": "keyword"
},
"dst_asset_id": {
"type": "keyword"
},
"dst_asset_location_id": {
"type": "keyword"
},
"dst_asset_type_id": {
"type": "keyword"
},
"dst_city": {
"type": "keyword"
},
"dst_country": {
"type": "keyword"
},
"dst_country_code": {
"type": "keyword"
},
"dst_domain": {
"type": "long"
},
"dst_filepath": {
"type": "keyword"
},
"dst_geo": {
"type": "geo_point"
},
"dst_lat": {
"type": "keyword"
},
"dst_lng": {
"type": "keyword"
},
"dst_mac": {
"type": "keyword"
},
"dst_mask": {
"type": "keyword"
},
"dst_name": {
"type": "keyword"
},
"dst_nat_address": {
"type": "ip"
},
"dst_nat_port": {
"type": "long"
},
"dst_port": {
"type": "long"
},
"dst_province": {
"type": "keyword"
},
"dst_sec_domain": {
"type": "keyword"
},
"dst_url": {
"type": "keyword"
},
"duration": {
"type": "long"
},
"duration_time": {
"type": "long"
},
"employee_account": {
"type": "keyword"
},
"employee_city": {
"type": "keyword"
},
"employee_company": {
"type": "keyword"
},
"employee_department": {
"type": "keyword"
},
"employee_name": {
"type": "keyword"
},
"employee_number": {
"type": "keyword"
},
"employee_role": {
"type": "keyword"
},
"employee_work_city": {
"type": "keyword"
},
"employee_work_num": {
"type": "keyword"
},
"end_time": {
"type": "date"
},
"event_content": {
"type": "keyword"
},
"event_digest": {
"type": "keyword"
},
"event_level": {
"type": "long"
},
"event_name": {
"type": "keyword"
},
"event_sub_type": {
"type": "text"
},
"event_type": {
"type": "keyword"
},
"event_uuid": {
"type": "keyword"
},
"file_dir": {
"type": "keyword"
},
"file_md5": {
"type": "keyword"
},
"file_type": {
"type": "keyword"
},
"filename": {
"type": "keyword"
},
"first_time": {
"type": "date"
},
"group_name": {
"type": "keyword"
},
"host_md5": {
"type": "keyword"
},
"host_name": {
"type": "keyword"
},
"id": {
"type": "keyword"
},
"identity_verification": {
"type": "keyword"
},
"in_if": {
"type": "keyword"
},
"index_type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"input": {
"type": "keyword"
},
"ioc": {
"type": "keyword"
},
"kafka": {
"properties": {
"consumer_group": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"key": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"offset": {
"type": "long"
},
"partition": {
"type": "long"
},
"topic": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"login_date": {
"type": "date"
},
"login_type": {
"type": "long"
},
"mail_subject": {
"type": "keyword"
},
"malcode_class": {
"type": "keyword"
},
"malcode_hash": {
"type": "keyword"
},
"malcode_name": {
"type": "keyword"
},
"maldns_class": {
"type": "keyword"
},
"maldomain_class": {
"type": "keyword"
},
"malip_class": {
"type": "keyword"
},
"malurl_class": {
"type": "keyword"
},
"malware_confidence": {
"type": "keyword"
},
"malware_detection_engine": {
"type": "keyword"
},
"malware_file_length": {
"type": "keyword"
},
"malware_file_md5_hash": {
"type": "keyword"
},
"malware_file_name": {
"type": "keyword"
},
"malware_virus_name": {
"type": "keyword"
},
"mem": {
"type": "long"
},
"merge_count": {
"type": "long"
},
"method": {
"type": "keyword"
},
"mid": {
"type": "keyword"
},
"mime_type": {
"type": "keyword"
},
"module_name": {
"type": "keyword"
},
"monitor_value": {
"type": "long"
},
"monitoring_value": {
"type": "long"
},
"msg": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"net_protocol": {
"type": "keyword"
},
"next_hop": {
"type": "ip"
},
"nid": {
"type": "keyword"
},
"normal_id": {
"type": "keyword"
},
"occur_time": {
"type": "date"
},
"operating_system": {
"type": "keyword"
},
"operation": {
"type": "keyword"
},
"operation_object": {
"type": "keyword"
},
"origin": {
"type": "keyword"
},
"original_level": {
"type": "keyword"
},
"original_log": {
"type": "keyword"
},
"original_type": {
"type": "keyword"
},
"out_if": {
"type": "keyword"
},
"output": {
"type": "keyword"
},
"owasp": {
"type": "keyword"
},
"pol": {
"type": "keyword"
},
"pri": {
"type": "long"
},
"process_md5": {
"type": "keyword"
},
"process_name": {
"type": "keyword"
},
"process_path": {
"type": "keyword"
},
"product": {
"type": "keyword"
},
"program_name": {
"type": "keyword"
},
"protocol": {
"type": "keyword"
},
"pt": {
"type": "keyword"
},
"pt_subtype": {
"type": "keyword"
},
"receive_byte": {
"type": "long"
},
"receive_file_size": {
"type": "long"
},
"receive_mail": {
"type": "keyword"
},
"receive_package": {
"type": "long"
},
"receive_time": {
"type": "date"
},
"recept_time": {
"type": "long"
},
"referer": {
"type": "keyword"
},
"reliability": {
"type": "long"
},
"reply_code": {
"type": "keyword"
},
"request_Method": {
"type": "keyword"
},
"request_arg": {
"type": "keyword"
},
"request_cookie": {
"type": "keyword"
},
"request_msg": {
"type": "keyword"
},
"request_time": {
"type": "date"
},
"response": {
"type": "keyword"
},
"result": {
"type": "keyword"
},
"ret": {
"type": "keyword"
},
"ret_code": {
"type": "keyword"
},
"rule_desc": {
"type": "keyword"
},
"rule_id": {
"type": "keyword"
},
"rule_name": {
"type": "keyword"
},
"rule_state": {
"type": "keyword"
},
"rule_type": {
"type": "keyword"
},
"sa_da": {
"type": "keyword"
},
"sa_sp_ap_da_dp": {
"type": "keyword"
},
"send_byte": {
"type": "long"
},
"send_file_size": {
"type": "long"
},
"send_mail": {
"type": "keyword"
},
"send_package": {
"type": "long"
},
"seq": {
"type": "keyword"
},
"serial_num": {
"type": "keyword"
},
"server_name": {
"type": "keyword"
},
"server_os": {
"type": "keyword"
},
"service_name": {
"type": "keyword"
},
"service_type": {
"type": "keyword"
},
"session": {
"type": "keyword"
},
"session_id": {
"type": "keyword"
},
"sign": {
"type": "keyword"
},
"sql_info": {
"type": "keyword"
},
"src_address": {
"type": "ip"
},
"src_as": {
"type": "long"
},
"src_asset_business_id": {
"type": "keyword"
},
"src_asset_department_id": {
"type": "keyword"
},
"src_asset_domain_id": {
"type": "keyword"
},
"src_asset_id": {
"type": "keyword"
},
"src_asset_location_id": {
"type": "keyword"
},
"src_asset_type_id": {
"type": "keyword"
},
"src_city": {
"type": "keyword"
},
"src_country": {
"type": "keyword"
},
"src_country_code": {
"type": "keyword"
},
"src_domain": {
"type": "long"
},
"src_filepath": {
"type": "keyword"
},
"src_geo": {
"type": "geo_point"
},
"src_lat": {
"type": "keyword"
},
"src_lng": {
"type": "keyword"
},
"src_mac": {
"type": "keyword"
},
"src_mask": {
"type": "keyword"
},
"src_name": {
"type": "keyword"
},
"src_nat_address": {
"type": "ip"
},
"src_nat_port": {
"type": "long"
},
"src_port": {
"type": "long"
},
"src_province": {
"type": "keyword"
},
"src_sec_domain": {
"type": "keyword"
},
"src_url": {
"type": "keyword"
},
"standby_address1": {
"type": "ip"
},
"standby_address2": {
"type": "ip"
},
"standby_address3": {
"type": "ip"
},
"standby_address4": {
"type": "ip"
},
"standby_address5": {
"type": "ip"
},
"standby_char1": {
"type": "keyword"
},
"standby_char10": {
"type": "keyword"
},
"standby_char2": {
"type": "keyword"
},
"standby_char3": {
"type": "keyword"
},
"standby_char4": {
"type": "keyword"
},
"standby_char5": {
"type": "keyword"
},
"standby_char6": {
"type": "keyword"
},
"standby_char7": {
"type": "keyword"
},
"standby_char8": {
"type": "keyword"
},
"standby_char9": {
"type": "keyword"
},
"standby_double1": {
"type": "long"
},
"standby_double2": {
"type": "long"
},
"standby_double3": {
"type": "long"
},
"standby_double4": {
"type": "long"
},
"standby_double5": {
"type": "long"
},
"standby_number1": {
"type": "long"
},
"standby_number10": {
"type": "long"
},
"standby_number2": {
"type": "long"
},
"standby_number3": {
"type": "long"
},
"standby_number4": {
"type": "long"
},
"standby_number5": {
"type": "long"
},
"standby_number6": {
"type": "long"
},
"standby_number7": {
"type": "long"
},
"standby_number8": {
"type": "long"
},
"standby_number9": {
"type": "long"
},
"standby_time1": {
"type": "date"
},
"standby_time2": {
"type": "date"
},
"standby_time3": {
"type": "date"
},
"standby_time4": {
"type": "date"
},
"standby_time5": {
"type": "date"
},
"status": {
"type": "keyword"
},
"status_code": {
"type": "long"
},
"stream_direction": {
"type": "keyword"
},
"subtype": {
"type": "keyword"
},
"system": {
"type": "keyword"
},
"systype": {
"type": "keyword"
},
"tcp_byte": {
"type": "keyword"
},
"tcp_flags": {
"type": "keyword"
},
"threat_info": {
"type": "keyword"
},
"threat_rule_id": {
"type": "keyword"
},
"ti_ip": {
"type": "keyword"
},
"ti_ua": {
"type": "keyword"
},
"time": {
"type": "keyword"
},
"tos": {
"type": "keyword"
},
"trail": {
"type": "keyword"
},
"tran_protocol": {
"type": "long"
},
"trans_protocol": {
"type": "long"
},
"trojans_class": {
"type": "keyword"
},
"trojans_hash": {
"type": "keyword"
},
"trojans_name": {
"type": "keyword"
},
"type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"udp_byte": {
"type": "keyword"
},
"up_payload": {
"type": "keyword"
},
"update_time": {
"type": "keyword"
},
"uplink_length": {
"type": "keyword"
},
"uri_md5": {
"type": "keyword"
},
"url": {
"type": "keyword"
},
"usb_number": {
"type": "keyword"
},
"usb_type": {
"type": "keyword"
},
"user_account": {
"type": "keyword"
},
"user_agent": {
"type": "keyword"
},
"user_focus": {
"type": "keyword"
},
"user_name": {
"type": "keyword"
},
"uuid": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"vendor": {
"type": "keyword"
},
"version": {
"type": "keyword"
},
"virus_class": {
"type": "keyword"
},
"virus_hash": {
"type": "keyword"
},
"virus_name": {
"type": "keyword"
},
"virus_path": {
"type": "keyword"
},
"virus_type": {
"type": "keyword"
},
"visitor_mark": {
"type": "keyword"
},
"vul_class": {
"type": "keyword"
},
"vul_hash": {
"type": "keyword"
},
"vul_name": {
"type": "keyword"
},
"work_site": {
"type": "keyword"
},
"worm_class": {
"type": "keyword"
},
"worm_hash": {
"type": "keyword"
},
"worm_name": {
"type": "keyword"
},
"xff": {
"type": "keyword"
}
}
}
},
    "aliases": {}
}
