waf_detection_index_template.json

{
    "template": {
      "settings": {
        "index": {
          "lifecycle": {
            "name": "iml-event-signal",
            "rollover_alias": "waf-detections"
          },
          "search": {
            "slowlog": {
              "threshold": {
                "fetch": {
                  "warn": "1s",
                  "trace": "200ms",
                  "debug": "500ms",
                  "info": "800ms"
                },
                "query": {
                  "warn": "3s",
                  "trace": "500ms",
                  "debug": "1s",
                  "info": "2s"
                }
              }
            }
          },
          "refresh_interval": "10s",
          "indexing": {
            "slowlog": {
              "threshold": {
                "index": {
                  "warn": "2s",
                  "trace": "500ms",
                  "debug": "800ms",
                  "info": "1s"
                }
              }
            }
          },
          "number_of_shards": "3",
          "translog": {
            "flush_threshold_size": "1024mb",
            "sync_interval": "60s",
            "durability": "async"
          },
          "merge": {
            "scheduler": {
              "max_thread_count": "1"
            }
          },
          "sort": {
            "field": [
              "id.digit",
              "attack_time"
            ],
            "order": [
              "desc",
              "desc"
            ]
          },
          "analysis": {
            "analyzer": {
              "ngramTokenizerAnalyzer": {
                "filter": [
                  "lowercase"
                ],
                "type": "custom",
                "tokenizer": "ngram_tokenizer"
              },
              "ngramTokenizerAnalyzerCustomSymbolPunctuation": {
                "filter": [
                  "lowercase"
                ],
                "type": "custom",
                "tokenizer": "ngram_tokenizer_custom_symbol_punctuation"
              }
            },
            "tokenizer": {
              "ngram_tokenizer": {
                "token_chars": [
                  "letter",
                  "digit"
                ],
                "min_gram": "1",
                "type": "ngram",
                "max_gram": "1"
              },
              "ngram_tokenizer_custom_symbol_punctuation": {
                "token_chars": [
                  "letter",
                  "digit",
                  "symbol",
                  "punctuation"
                ],
                "min_gram": "1",
                "type": "ngram",
                "max_gram": "1"
              }
            }
          },
          "number_of_replicas": "1"
        }
      },
      "mappings": {
        "dynamic": false,
        "_source": {
          "enabled": true,
          "includes": [],
          "excludes": []
        },
        "_routing": {
          "required": false
        },
        "dynamic_templates": [],
        "properties": {
          "id": {
            "eager_global_ordinals": false,
            "index_phrases": false,
            "fielddata": false,
            "norms": true,
            "analyzer": "ngramTokenizerAnalyzer",
            "index": true,
            "store": false,
            "type": "text",
            "fields": {
              "digit": {
                "coerce": true,
                "index": true,
                "ignore_malformed": false,
                "store": false,
                "type": "long",
                "doc_values": true
              },
              "keyword": {
                "eager_global_ordinals": false,
                "norms": false,
                "ignore_above": 32,
                "index": true,
                "store": false,
                "type": "keyword",
                "split_queries_on_whitespace": false,
                "index_options": "docs",
                "doc_values": true
              }
            },
            "index_options": "positions"
          },
          "attacked_url": {
            "eager_global_ordinals": false,
            "index_phrases": false,
            "fielddata": false,
            "norms": true,
            "analyzer": "ngramTokenizerAnalyzerCustomSymbolPunctuation",
            "index": true,
            "store": false,
            "type": "text",
            "fields": {
              "keyword": {
                "eager_global_ordinals": false,
                "norms": false,
                "ignore_above": 32,
                "index": true,
                "store": false,
                "type": "keyword",
                "split_queries_on_whitespace": false,
                "index_options": "docs",
                "doc_values": true
              }
            },
            "index_options": "positions"
          },
          "attack_ip": {
            "eager_global_ordinals": false,
            "index_phrases": false,
            "fielddata": false,
            "norms": true,
            "analyzer": "ngramTokenizerAnalyzerCustomSymbolPunctuation",
            "index": true,
            "store": false,
            "type": "text",
            "fields": {
              "keyword": {
                "eager_global_ordinals": false,
                "norms": false,
                "ignore_above": 32,
                "index": true,
                "store": false,
                "type": "keyword",
                "split_queries_on_whitespace": false,
                "index_options": "docs",
                "doc_values": true
              },
              "ip": {
                "type": "ip"
              }
            },
            "index_options": "positions"
          },
          "attacked_app": {
            "eager_global_ordinals": false,
            "index_phrases": false,
            "fielddata": false,
            "norms": true,
            "analyzer": "ngramTokenizerAnalyzerCustomSymbolPunctuation",
            "index": true,
            "store": false,
            "type": "text",
            "fields": {
              "keyword": {
                "eager_global_ordinals": false,
                "norms": false,
                "ignore_above": 32,
                "index": true,
                "store": false,
                "type": "keyword",
                "split_queries_on_whitespace": false,
                "index_options": "docs",
                "doc_values": true
              }
            },
            "index_options": "positions"
          },
          "attack_type": {
            "type": "keyword"
          },
          "cluster_key": {
            "type": "keyword"
          },
          "attack_time": {
            "coerce": true,
            "index": true,
            "ignore_malformed": false,
            "store": false,
            "type": "long",
            "doc_values": true
          },
          "action": {
            "type": "keyword"
          },
          "created_at": {
            "type": "long"
          },
          "service_id": {
            "type": "long"
          }
        }
      }
    },
    "index_patterns": [
      "waf-detections-*"
    ],
    "composed_of": []
  }