it is important to have a few fields mapped explicitly as type ip and some others as geo_point (dynamic mapping would otherwise index them as plain strings)
here's our sample index template mapping: https://pub.nethence.com/bin/logging/logs-template-mapping.json
dest_ip dest_port flow.age flow.bytes_toclient flow.bytes_toserver flow.dest_ip flow.dest_port flow.pkts_toclient flow.pkts_toserver flow.src_ip flow.src_port src_ip src_port
destination.geo.location destination.geo.name destination.ip geo.location source.geo.location source.geo.name source.ip
destination.bytes source.bytes
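Once the template is in place, it is worth verifying that the fields you care about really did end up as ip / geo_point rather than falling back to keyword. The following is an added example, not code from this page or from the logs-template-mapping.json sample: it walks the response shape of GET /_index_template/<name>, flattens the mappings into dotted field names and reports every expected field that is missing or mistyped. The template JSON embedded below is a constructed sample (one field deliberately left as keyword, one left out), and the EXPECTED_TYPES table is an assumption based on the field names listed above and ECS naming conventions; adjust it to your own template.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample of the shape returned by GET /_index_template/<name>,
# cut down to the parts the check needs. This is NOT the page's own
# logs-template-mapping.json: flow.dest_ip is deliberately left as keyword
# and geo.location is deliberately missing so the report has something to show.
SAMPLE_TEMPLATE_RESPONSE = json.loads("""
{
  "index_templates": [
    {
      "name": "logs-template",
      "index_template": {
        "index_patterns": ["logs-*"],
        "template": {
          "mappings": {
            "properties": {
              "src_ip":  {"type": "ip"},
              "dest_ip": {"type": "ip"},
              "flow": {
                "properties": {
                  "src_ip":  {"type": "ip"},
                  "dest_ip": {"type": "keyword"}
                }
              },
              "source": {
                "properties": {
                  "ip": {"type": "ip"},
                  "geo": {"properties": {"location": {"type": "geo_point"}}}
                }
              },
              "destination": {
                "properties": {
                  "ip": {"type": "ip"},
                  "geo": {"properties": {"location": {"type": "geo_point"}}}
                }
              }
            }
          }
        }
      }
    }
  ]
}
""")

# Fields that must be typed ip / geo_point. Assumed from the page's field
# lists and ECS naming; not taken from the real template.
EXPECTED_TYPES = {
    "src_ip": "ip", "dest_ip": "ip",
    "flow.src_ip": "ip", "flow.dest_ip": "ip",
    "source.ip": "ip", "destination.ip": "ip",
    "source.geo.location": "geo_point",
    "destination.geo.location": "geo_point",
    "geo.location": "geo_point",
}


def flatten_properties(properties: dict, prefix: str = "") -> Dict[str, str]:
    """Walk a mappings 'properties' tree and return {dotted.field: type}.

    Object fields carrying a nested 'properties' block are recursed into;
    any field with an explicit 'type' is recorded under its dotted path.
    """
    flat: Dict[str, str] = {}
    for name, spec in properties.items():
        path = f"{prefix}{name}"
        if "properties" in spec:
            flat.update(flatten_properties(spec["properties"], path + "."))
        if "type" in spec:
            flat[path] = spec["type"]
    return flat


def template_mapping(response: dict, name: str) -> Dict[str, str]:
    """Pick the named template out of a GET _index_template response and flatten it."""
    for entry in response.get("index_templates", []):
        if entry.get("name") == name:
            props = entry["index_template"]["template"]["mappings"]["properties"]
            return flatten_properties(props)
    raise KeyError(f"template {name!r} not in response")


def check_types(actual: Dict[str, str], expected: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (field, expected_type, actual_type_or_'missing') for every mismatch."""
    problems = []
    for field, want in sorted(expected.items()):
        got = actual.get(field, "missing")
        if got != want:
            problems.append((field, want, got))
    return problems


if __name__ == "__main__":
    # In practice: feed it the JSON saved from the curl call below instead.
    actual = template_mapping(SAMPLE_TEMPLATE_RESPONSE, "logs-template")
    for field, want, got in check_types(actual, EXPECTED_TYPES):
        print(f"{field}: expected {want}, got {got}")
```

Note that this only inspects the mappings declared inside the index template itself; if your ip / geo_point fields come in through component templates, check the composed result from the simulate index template API (POST /_index_template/_simulate/<name>) instead of the raw template.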
check the index template
echo $endpoint
echo $user
echo $passwd
template=logs-template
curl -sk "$endpoint/_index_template/$template?pretty" -u "$user:$passwd"
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/indices-get-template.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/index-templates.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/indices-get-settings.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/mapping-settings-limit.html