diff options
Diffstat (limited to '')
| -rw-r--r-- | contrib/elastic/rspamd_template.json | 149 |
1 files changed, 149 insertions, 0 deletions
diff --git a/contrib/elastic/rspamd_template.json b/contrib/elastic/rspamd_template.json new file mode 100644 index 0000000..ebd87fa --- /dev/null +++ b/contrib/elastic/rspamd_template.json @@ -0,0 +1,149 @@ +{ + "mappings": { + "_meta": { + "version": "5.5.3" + }, + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "meta": { + "properties": { + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "project_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "rspamd_meta": { + "properties": { + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "direction": { + "ignore_above": 1024, + "type": "keyword" + }, + "asn": { + "properties": { + "asn": { + "type": "long" + }, + "country_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "ipnet": { + "ignore_above": 1024, + "type": "keyword" + }, + "registrant": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "from": { + "ignore_above": 1024, + "type": "keyword" + }, + "is_local": { + "type": "boolean" + }, + "webmail": { + "type": "boolean" + }, + "sender_ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "geoip": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + } + } + }, + "ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "qid": { + "ignore_above": 1024, + "type": "keyword" + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "score": { + "type": "float" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "order": 0, + "settings": { + "index.mapping.total_fields.limit": 10000, + "index.refresh_interval": "5s" + }, + "index_patterns" : ["rspamd-*", "*-rspamd-*"] +} |