{ "order": 0, "index_patterns": "netflow-*", "mappings": { "_meta": { "version": "8.0.0" }, "dynamic_templates": [ { "application_id": { "path_match": "netflow.application_id", "mapping": { "type": "integer" } } }, { "bgp_ipv4_next_hop": { "path_match": "netflow.bgp_ipv4_next_hop", "mapping": { "type": "ip" } } }, { "bgp_ipv6_next_hop": { "path_match": "netflow.bgp_ipv6_next_hop", "mapping": { "type": "ip" } } }, { "conn_id": { "path_match": "netflow.conn_id", "mapping": { "type": "integer" } } }, { "dst_as": { "path_match": "netflow.dst_as", "mapping": { "type": "integer" } } }, { "dst_tos": { "path_match": "netflow.dst_tos", "mapping": { "type": "integer" } } }, { "dst_vlan": { "path_match": "netflow.dst_vlan", "mapping": { "type": "integer" } } }, { "engine_id": { "path_match": "netflow.engine_id", "mapping": { "type": "integer" } } }, { "engine_type": { "path_match": "netflow.engine_type", "mapping": { "type": "integer" } } }, { "event_time_msec": { "path_match": "netflow.event_time_msec", "mapping": { "type": "long" } } }, { "flow_active_timeout": { "path_match": "netflow.flow_active_timeout", "mapping": { "type": "integer" } } }, { "flow_end_reason": { "path_match": "netflow.flow_end_reason", "mapping": { "type": "integer" } } }, { "flow_inactive_timeout": { "path_match": "netflow.flow_inactive_timeout", "mapping": { "type": "integer" } } }, { "flow_records": { "path_match": "netflow.flow_records", "mapping": { "type": "integer" } } }, { "flow_sampler_id": { "path_match": "netflow.flow_sampler_id", "mapping": { "type": "integer" } } }, { "flow_sampler_mode": { "path_match": "netflow.flow_sampler_mode", "mapping": { "type": "integer" } } }, { "flow_sampler_random_interval": { "path_match": "netflow.flow_sampler_random_interval", "mapping": { "type": "integer" } } }, { "flow_start_msec": { "path_match": "netflow.flow_start_msec", "mapping": { "type": "long" } } }, { "flows": { "path_match": "netflow.flows", "mapping": { "type": "integer" } } }, { "flowset_id": { "path_match": "netflow.flowset_id", "mapping": { "type": "integer" } } }, { "fw_event": { "path_match": "netflow.fw_event", "mapping": { "type": "integer" } } }, { "fw_ext_event": { "path_match": "netflow.fw_ext_event", "mapping": { "type": "integer" } } }, { "fwd_flow_delta_bytes": { "path_match": "netflow.fwd_flow_delta_bytes", "mapping": { "type": "long" } } }, { "icmp_code": { "path_match": "netflow.icmp_code", "mapping": { "type": "integer" } } }, { "icmp_code_ipv6": { "path_match": "netflow.icmp_code_ipv6", "mapping": { "type": "integer" } } }, { "icmp_type": { "path_match": "netflow.icmp_type", "mapping": { "type": "integer" } } }, { "icmp_type_ipv6": { "path_match": "netflow.icmp_type_ipv6", "mapping": { "type": "integer" } } }, { "if_desc": { "path_match": "netflow.if_desc", "mapping": { "type": "keyword", "norms": false } } }, { "if_name": { "path_match": "netflow.if_name", "mapping": { "type": "keyword", "norms": false } } }, { "in_bytes": { "path_match": "netflow.in_bytes", "mapping": { "type": "long" } } }, { "in_dst_mac": { "path_match": "netflow.in_dst_mac", "mapping": { "type": "keyword", "norms": false } } }, { "in_permanent_bytes": { "path_match": "netflow.in_permanent_bytes", "mapping": { "type": "long" } } }, { "in_permanent_pkts": { "path_match": "netflow.in_permanent_pkts", "mapping": { "type": "long" } } }, { "in_pkts": { "path_match": "netflow.in_pkts", "mapping": { "type": "long" } } }, { "in_src_mac": { "path_match": "netflow.in_src_mac", "mapping": { "type": "keyword", "norms": false } } }, { "ip_protocol_version": { "path_match": "netflow.ip_protocol_version", "mapping": { "type": "integer" } } }, { "ipv4_dst_addr": { "path_match": "netflow.ipv4_dst_addr", "mapping": { "type": "ip" } } }, { "ipv4_dst_prefix": { "path_match": "netflow.ipv4_dst_prefix", "mapping": { "type": "ip" } } }, { "ipv4_ident": { "path_match": "netflow.ipv4_ident", "mapping": { "type": "integer" } } }, { "ipv4_next_hop": { "path_match": "netflow.ipv4_next_hop", "mapping": { "type": "ip" } } }, { "ipv4_src_addr": { "path_match": "netflow.ipv4_src_addr", "mapping": { "type": "ip" } } }, { "ipv4_src_prefix": { "path_match": "netflow.ipv4_src_prefix", "mapping": { "type": "ip" } } }, { "ipv6_dst_addr": { "path_match": "netflow.ipv6_dst_addr", "mapping": { "type": "ip" } } }, { "ipv6_dst_mask": { "path_match": "netflow.ipv6_dst_mask", "mapping": { "type": "integer" } } }, { "ipv6_flow_label": { "path_match": "netflow.ipv6_flow_label", "mapping": { "type": "integer" } } }, { "ipv6_next_hop": { "path_match": "netflow.ipv6_next_hop", "mapping": { "type": "ip" } } }, { "ipv6_option_headers": { "path_match": "netflow.ipv6_option_headers", "mapping": { "type": "integer" } } }, { "ipv6_src_addr": { "path_match": "netflow.ipv6_src_addr", "mapping": { "type": "ip" } } }, { "ipv6_src_mask": { "path_match": "netflow.ipv6_src_mask", "mapping": { "type": "integer" } } }, { "l4_dst_port": { "path_match": "netflow.l4_dst_port", "mapping": { "type": "integer" } } }, { "l4_src_port": { "path_match": "netflow.l4_src_port", "mapping": { "type": "integer" } } }, { "max_pkt_length": { "path_match": "netflow.max_pkt_length", "mapping": { "type": "integer" } } }, { "max_ttl": { "path_match": "netflow.max_ttl", "mapping": { "type": "integer" } } }, { "min_pkt_length": { "path_match": "netflow.min_pkt_length", "mapping": { "type": "integer" } } }, { "min_ttl": { "path_match": "netflow.min_ttl", "mapping": { "type": "integer" } } }, { "mpls_label_stack_octets.bottom_of_stack": { "path_match": "netflow.mpls_label_stack_octets.bottom_of_stack", "mapping": { "type": "integer" } } }, { "mpls_label_stack_octets.experimental": { "path_match": "netflow.mpls_label_stack_octets.experimental", "mapping": { "type": "integer" } } }, { "mpls_label_stack_octets.label": { "path_match": "netflow.mpls_label_stack_octets.label", "mapping": { "type": "integer" } } }, { "mpls_label_stack_octets.ttl": { "path_match": "netflow.mpls_label_stack_octets.ttl", "mapping": { "type": "integer" } } }, { "mpls_top_label_ip_addr": { "path_match": "netflow.mpls_top_label_ip_addr", "mapping": { "type": "ip" } } }, { "mpls_top_label_type": { "path_match": "netflow.mpls_top_label_type", "mapping": { "type": "integer" } } }, { "mul_dst_bytes": { "path_match": "netflow.mul_dst_bytes", "mapping": { "type": "long" } } }, { "mul_dst_pkts": { "path_match": "netflow.mul_dst_pkts", "mapping": { "type": "long" } } }, { "mul_igmp_type": { "path_match": "netflow.mul_igmp_type", "mapping": { "type": "integer" } } }, { "out_bytes": { "path_match": "netflow.out_bytes", "mapping": { "type": "long" } } }, { "out_dst_mac": { "path_match": "netflow.out_dst_mac", "mapping": { "type": "keyword", "norms": false } } }, { "out_pkts": { "path_match": "netflow.out_pkts", "mapping": { "type": "long" } } }, { "out_src_mac": { "path_match": "netflow.out_src_mac", "mapping": { "type": "keyword", "norms": false } } }, { "rev_flow_delta_bytes": { "path_match": "netflow.rev_flow_delta_bytes", "mapping": { "type": "long" } } }, { "sampler_name": { "path_match": "netflow.sampler_name", "mapping": { "type": "keyword", "norms": false } } }, { "sampling_algorithm": { "path_match": "netflow.sampling_algorithm", "mapping": { "type": "integer" } } }, { "src_as": { "path_match": "netflow.src_as", "mapping": { "type": "integer" } } }, { "src_mask": { "path_match": "netflow.src_mask", "mapping": { "type": "integer" } } }, { "src_tos": { "path_match": "netflow.src_tos", "mapping": { "type": "integer" } } }, { "src_vlan": { "path_match": "netflow.src_vlan", "mapping": { "type": "integer" } } }, { "tcp_dst_port": { "path_match": "netflow.tcp_dst_port", "mapping": { "type": "integer" } } }, { "tcp_src_port": { "path_match": "netflow.tcp_src_port", "mapping": { "type": "integer" } } }, { "total_bytes_exp": { "path_match": "netflow.total_bytes_exp", "mapping": { "type": "long" } } }, { "total_flows_exp": { "path_match": "netflow.total_flows_exp", "mapping": { "type": "long" } } }, { "total_pkts_exp": { "path_match": "netflow.total_pkts_exp", "mapping": { "type": "long" } } }, { "udp_dst_port": { "path_match": "netflow.udp_dst_port", "mapping": { "type": "integer" } } }, { "udp_src_port": { "path_match": "netflow.udp_src_port", "mapping": { "type": "integer" } } }, { "username": { "path_match": "netflow.username", "mapping": { "type": "keyword", "norms": false } } }, { "xlate_dst_addr_ipv4": { "path_match": "netflow.xlate_dst_addr_ipv4", "mapping": { "type": "ip" } } }, { "xlate_dst_addr_ipv6": { "path_match": "netflow.xlate_dst_addr_ipv6", "mapping": { "type": "ip" } } }, { "xlate_dst_port": { "path_match": "netflow.xlate_dst_port", "mapping": { "type": "integer" } } }, { "xlate_src_addr_ipv4": { "path_match": "netflow.xlate_src_addr_ipv4", "mapping": { "type": "ip" } } }, { "xlate_src_addr_ipv6": { "path_match": "netflow.xlate_src_addr_ipv6", "mapping": { "type": "ip" } } }, { "xlate_src_port": { "path_match": "netflow.xlate_src_port", "mapping": { "type": "integer" } } }, { "string_fields": { "mapping": { "norms": false, "type": "keyword" }, "match_mapping_type": "string", "match": "*" } } ], "properties": { "@version": { "type": "keyword" }, "@timestamp": { "type": "date" }, "geoip": { "dynamic": true, "properties": { "asn": { "type": "keyword", "norms": false }, "as_org": { "type": "keyword", "norms": false }, "autonomous_system": { "type": "keyword", "norms": false }, "city_name": { "type": "keyword", "norms": false }, "continent_code": { "type": "keyword", "norms": false }, "country_code2": { "type": "keyword", "norms": false }, "country_code3": { "type": "keyword", "norms": false }, "country_name": { "type": "keyword", "norms": false }, "dma_code": { "type": "integer" }, "ip": { "type": "ip" }, "latitude": { "type": "float" }, "location": { "type": "geo_point" }, "longitude": { "type": "float" }, "postal_code": { "type": "keyword", "norms": false }, "region_code": { "type": "keyword", "norms": false }, "region_name": { "type": "keyword", "norms": false }, "timezone": { "type": "keyword", "norms": false } } }, "geoip_dst": { "dynamic": true, "properties": { "asn": { "type": "keyword", "norms": false }, "as_org": { "type": "keyword", "norms": false }, "autonomous_system": { "type": "keyword", "norms": false }, "city_name": { "type": "keyword", "norms": false }, "continent_code": { "type": "keyword", "norms": false }, "country_code2": { "type": "keyword", "norms": false }, "country_code3": { "type": "keyword", "norms": false }, "country_name": { "type": "keyword", "norms": false }, "dma_code": { "type": "integer" }, "ip": { "type": "ip" }, "latitude": { "type": "float" }, "location": { "type": "geo_point" }, "longitude": { "type": "float" }, "postal_code": { "type": "keyword", "norms": false }, "region_code": { "type": "keyword", "norms": false }, "region_name": { "type": "keyword", "norms": false }, "timezone": { "type": "keyword", "norms": false } } }, "geoip_src": { "dynamic": true, "properties": { "asn": { "type": "keyword", "norms": false }, "as_org": { "type": "keyword", "norms": false }, "autonomous_system": { "type": "keyword", "norms": false }, "city_name": { "type": "keyword", "norms": false }, "continent_code": { "type": "keyword", "norms": false }, "country_code2": { "type": "keyword", "norms": false }, "country_code3": { "type": "keyword", "norms": false }, "country_name": { "type": "keyword", "norms": false }, "dma_code": { "type": "integer" }, "ip": { "type": "ip" }, "latitude": { "type": "float" }, "location": { "type": "geo_point" }, "longitude": { "type": "float" }, "postal_code": { "type": "keyword", "norms": false }, "region_code": { "type": "keyword", "norms": false }, "region_name": { "type": "keyword", "norms": false }, "timezone": { "type": "keyword", "norms": false } } }, "netflow": { "dynamic": true, "type": "object", "properties": { "bytes": { "type": "long" }, "direction": { "type": "keyword", "norms": false }, "dst_addr": { "type": "ip" }, "dst_mask_len": { "type": "integer" }, "dst_port": { "type": "keyword", "norms": false }, "dst_port_name": { "type": "keyword", "norms": false }, "first_switched": { "type": "date" }, "flow_seq_num": { "type": "long" }, "input_snmp": { "type": "keyword", "norms": false }, "ip_version": { "type": "keyword", "norms": false }, "last_switched": { "type": "date" }, "next_hop": { "type": "ip" }, "output_snmp": { "type": "keyword", "norms": false }, "packets": { "type": "long" }, "protocol": { "type": "keyword", "norms": false }, "protocol_name": { "type": "keyword", "norms": false }, "sampling_interval": { "type": "integer" }, "src_addr": { "type": "ip" }, "src_mask_len": { "type": "integer" }, "src_port": { "type": "keyword", "norms": false }, "src_port_name": { "type": "keyword", "norms": false }, "tcp_flags": { "type": "integer" }, "tcp_flags_label": { "type": "keyword", "norms": false }, "tos": { "type": "keyword", "norms": false }, "version": { "type": "keyword", "norms": false }, "vlan": { "type": "keyword", "norms": false } } } } }, "aliases": { } }