Add index template for CADF audit messages
Change-Id: Ia4289468a6022e0bfeea166d807385aa170d3888
diff --git a/elasticsearch/files/es_template_audit.json b/elasticsearch/files/es_template_audit.json
new file mode 100644
index 0000000..359a25f
--- /dev/null
+++ b/elasticsearch/files/es_template_audit.json
@@ -0,0 +1,56 @@
+{
+ "mappings": {
+ "message": {
+ "properties": {
+ "Payload": {
+ "type": "string"
+ },
+ "Logger": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "Hostname": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "Pid": {
+ "index": "not_analyzed",
+ "type": "long"
+ },
+ "Severity": {
+ "index": "not_analyzed",
+ "type": "long"
+ },
+ "Type": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "severity_label": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "environment_label": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "action": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "event_type": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "outcome": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "notification_type": {
+ "index": "not_analyzed",
+ "type": "string"
+ }
+ }
+ }
+ },
+ "template": "audit-*"
+}
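Review bot: `Payload` (L13–L15) is the only string in this mapping left analyzed, and for CADF audit events it presumably carries the whole event body rather than free text, so it will be tokenized by the default analyzer and cannot be matched exactly; if it is only kept for display, `"index": "not_analyzed"` (or `"index": "no"` if it never needs to be searched) would make the intent explicit — please confirm against how the sibling `es_template_log.json` treats it. The `message` type also sets no `dynamic` policy, so any field that appears in an audit document but is not listed here is auto-mapped on first sight, which for audit data means an unexpected field name or a type that differs between senders can either bloat the mapping or reject documents at index time; if the field set is meant to be closed, add `"dynamic": "strict"` (or `false` to keep the fields in `_source` without indexing them) alongside `"properties"`. The `"index": "not_analyzed"` entries on the `long` fields `Pid` and `Severity` are redundant for numeric types and could be dropped for consistency. The `string`/`not_analyzed` syntax is the pre-5.x mapping form, which is fine as long as it matches the Elasticsearch version the other templates target.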
diff --git a/metadata/service/client.yml b/metadata/service/client.yml
index fc57c7c..3527091 100644
--- a/metadata/service/client.yml
+++ b/metadata/service/client.yml
@@ -8,6 +8,9 @@
log:
enabled: true
template: elasticsearch/files/es_template_log.json
+ audit:
+ enabled: true
+ template: elasticsearch/files/es_template_audit.json
notification:
enabled: true
template: elasticsearch/files/es_template_notification.json