--- /dev/null
+{%- from "elasticsearch/map.jinja" import server with context %}
+{
+ "settings" : {
+ "number_of_shards" : {{ server.get('index', {}).get('shards', 5) }},
+ "number_of_replicas" : {{ server.get('index', {}).get('replicas', 1) }}
+ },
+ "mappings": {
+ "message": {
+ "properties": {
+ "Payload": {
+ "type": "text"
+ },
+ "Logger": {
+ "index": false,
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "Hostname": {
+ "index": false,
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "Pid": {
+ "index": false,
+ "type": "long"
+ },
+ "Severity": {
+ "index": false,
+ "type": "long"
+ },
+ "Type": {
+ "index": false,
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "severity_label": {
+ "index": false,
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "environment_label": {
+ "index": false,
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "region": {
+ "index": false,
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "action": {
+ "index": false,
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "event_type": {
+ "index": false,
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "outcome": {
+ "index": false,
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "notification_type": {
+ "index": false,
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ }
+ }
+ }
+ },
+ "template": "audit-*"
+}