-
Notifications
You must be signed in to change notification settings - Fork 1
/
07-elasticsearch.txt
84 lines (80 loc) · 2.09 KB
/
07-elasticsearch.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
https://www.elastic.co/
docker run -tid --name elasticsearch -h elasticsearch --network host -e "discovery.type=single-node" -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" -e "cluster.name=kav" docker.elastic.co/elasticsearch/elasticsearch-oss:6.6.0
curl localhost:9200/_cat/health
curl localhost:9200/_cat/indices
curl -s -XPUT localhost:9200/_template/default -H'Content-Type: application/json' -d '
{
"order" : 0,
"version" : 0,
"index_patterns" : "*",
"settings" : {
"index" : {
"refresh_interval" : "1s",
"number_of_shards" : 3,
"number_of_replicas" : 0
}
}, "mappings" : {
"_default_" : {
"dynamic_templates" : [ {
"message_field" : {
"path_match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text",
"norms" : false
}
}
}, {
"string_fields" : {
"match" : "*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text", "norms" : false,
"fields" : {
"keyword" : { "type": "keyword", "ignore_above": 256 }
}
}
}
} ],
"properties" : {
"@timestamp": { "type": "date"},
"@version": { "type": "keyword"},
"geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
}
}
}
}
}
'
curl -s -XPUT localhost:9200/_template/suricata -H 'Content-Type: application/json' -d '
{
"order": 10,
"version": 0,
"index_patterns": "suricata-*",
"mappings":{
"doc": {
"properties": {
"src_ip": {
"type": "ip",
"fields": {
"keyword" : { "type": "keyword", "ignore_above": 256 }
}
},
"dest_ip": {
"type": "ip",
"fields": {
"keyword" : { "type": "keyword", "ignore_above": 256 }
}
}
}
}
}
}
'