From a08a36bd516651a366c72d425ee8df0cb1f31fe3 Mon Sep 17 00:00:00 2001 From: gtech99 Date: Fri, 23 Aug 2024 20:17:05 -0400 Subject: [PATCH] Create index-template-map_es8.json (#54) Template for Elastic Search 8 --- index-template-map_es8.json | 434 ++++++++++++++++++++++++++++++++++++ 1 file changed, 434 insertions(+) create mode 100644 index-template-map_es8.json diff --git a/index-template-map_es8.json b/index-template-map_es8.json new file mode 100644 index 0000000..4207c8d --- /dev/null +++ b/index-template-map_es8.json @@ -0,0 +1,434 @@ +{ + "priority": 500, + "index_patterns": [ + "smtp-*" + ], + "template": { + "settings": {}, + "mappings": { + "dynamic_templates": [ + { + "fail_results": { + "mapping": { + "index": "true", + "type": "keyword" + }, + "match": "fail" + } + }, + { + "pass_results": { + "mapping": { + "index": "true", + "type": "keyword" + }, + "match": "pass" + } + }, + { + "skip_results": { + "mapping": { + "index": "true", + "type": "keyword" + }, + "match": "skip" + } + }, + { + "msg_results": { + "mapping": { + "index": "true", + "type": "keyword" + }, + "match": "msg" + } + }, + { + "err_results": { + "mapping": { + "index": "true", + "type": "keyword" + }, + "match": "err" + } + }, + { + "ip_addrs": { + "mapping": { + "index": "true", + "type": "keyword", + "fields": { + "partial": { + "type": "keyword", + "index": "true" + } + } + }, + "match": "ip" + } + }, + { + "hostnames": { + "mapping": { + "index": "true", + "type": "keyword" + }, + "match": "host" + } + } + ], + "properties": { + "queue/archive": { + "type": "nested", + "properties": { + "recipients": { + "index": "true", + "type": "keyword", + "fields": { + "partial": { + "type": "keyword" + } + } + } + } + }, + "helo": { + "properties": { + "ips": { + "index": "true", + "type": "keyword", + "fields": { + "partial": { + "type": "text", + "index": true + } + } + } + } + }, + "karma": { + "properties": { + "score": { + "type": "double" + }, + "bad": { + "type": "double" + }, + "total_connects": { + "type": "double" + }, + "neighbors": { + "type": "double" + }, + "history": { + "type": "double" + }, + "good": { + "type": "double" + }, + "connect": { + "type": "double" + }, + "connections": { + "type": "double" + } + } + }, + "fcrdns": { + "properties": { + "ptr_names": { + "index": "true", + "type": "keyword" + }, + "fcrdns": { + "index": "true", + "type": "keyword" + }, + "other_ips": { + "index": "true", + "type": "keyword" + } + } + }, + "geoip": { + "properties": { + "ll": { + "type": "geo_point" + }, + "distance": { + "type": "float" + }, + "org": { + "index": "true", + "type": "keyword" + } + } + }, + "spamassassin": { + "properties": { + "headers": { + "properties": { + "Status": { + "index": "true", + "type": "keyword" + }, + "report": { + "index": "true", + "type": "keyword" + } + } + }, + "score": { + "type": "double" + }, + "reqd": { + "type": "double" + }, + "tests": { + "index": "true", + "type": "keyword" + }, + "line0": { + "index": "true", + "type": "keyword" + } + } + }, + "p0f": { + "properties": { + "os_flavor": { + "index": "true", + "type": "keyword" + } + } + }, + "rspamd": { + "properties": { + "emails": { + "index": "true", + "type": "keyword" + }, + "urls": { + "index": "true", + "type": "keyword" + }, + "messages": { + "index": "true", + "type": "keyword" + }, + "action": { + "index": "true", + "type": "keyword" + } + } + }, + "spf": { + "properties": { + "domain": { + "index": "true", + "type": "keyword" + } + } + }, + "asn": { + "properties": { + "org": { + "index": "true", + "type": "keyword" + }, + "asn_bad": { + "type": "double" + }, + "asn_connections": { + "type": "double" + }, + "asn_score": { + "type": "double" + }, + "asn_good": { + "type": "double" + } + } + }, + "count": { + "properties": { + "msg": { + "properties": { + "reject": { + "type": "long" + }, + "tempfail": { + "type": "long" + }, + "accept": { + "type": "long" + } + } + }, + "rcpt": { + "properties": { + "reject": { + "type": "long" + }, + "tempfail": { + "type": "long" + }, + "accept": { + "type": "long" + } + } + }, + "errors": { + "type": "long" + }, + "trans": { + "type": "long" + } + } + }, + "early": { + "type": "boolean" + }, + "message": { + "properties": { + "envelope": { + "properties": { + "sender": { + "index": "true", + "type": "keyword", + "fields": { + "partial": { + "type": "text", + "index": true + } + } + }, + "recipient": { + "type": "nested", + "properties": { + "address": { + "index": "true", + "type": "keyword", + "fields": { + "partial": { + "type": "text", + "index": true + } + } + }, + "action": { + "index": "true", + "type": "keyword", + "fields": { + "partial": { + "type": "text", + "index": true + } + } + } + } + } + } + }, + "bytes": { + "type": "double" + }, + "header": { + "properties": { + "Date": { + "index": "true", + "type": "keyword" + }, + "Resent-from": { + "index": "true", + "type": "keyword" + }, + "Sender": { + "index": "true", + "type": "keyword", + "fields": { + "partial": { + "type": "keyword" + } + } + }, + "Subject": { + "index": "true", + "type": "text", + "fields": { + "partial": { + "type": "text", + "index": true + } + } + }, + "Message-id": { + "index": "true", + "type": "keyword" + }, + "From": { + "index": "true", + "type": "keyword", + "fields": { + "partial": { + "type": "text", + "index": true + } + } + }, + "To": { + "index": "true", + "type": "keyword", + "fields": { + "partial": { + "type": "text", + "index": true + } + } + }, + "Reply-to": { + "index": "true", + "type": "keyword" + }, + "Resent-header": { + "index": "true", + "type": "keyword" + } + } + }, + "body": { + "properties": { + "attachment": { + "properties": { + "file": { + "type": "text", + "index": true + }, + "ctype": { + "type": "text", + "index": true + }, + "bytes": { + "type": "float" + }, + "md5": { + "index": "true", + "type": "keyword" + } + } + } + } + }, + "queue": { + "properties": {} + } + } + }, + "bytes": { + "type": "float" + } + } + }, + "aliases": {} + } +}