{ "template": { "settings": { "index": { "lifecycle": { "name": "iml-event-signal", "rollover_alias": "waf-detections" }, "search": { "slowlog": { "threshold": { "fetch": { "warn": "1s", "trace": "200ms", "debug": "500ms", "info": "800ms" }, "query": { "warn": "3s", "trace": "500ms", "debug": "1s", "info": "2s" } } } }, "refresh_interval": "10s", "indexing": { "slowlog": { "threshold": { "index": { "warn": "2s", "trace": "500ms", "debug": "800ms", "info": "1s" } } } }, "number_of_shards": "3", "translog": { "flush_threshold_size": "1024mb", "sync_interval": "60s", "durability": "async" }, "merge": { "scheduler": { "max_thread_count": "1" } }, "sort": { "field": [ "id.digit", "attack_time" ], "order": [ "desc", "desc" ] }, "analysis": { "analyzer": { "ngramTokenizerAnalyzer": { "filter": [ "lowercase" ], "type": "custom", "tokenizer": "ngram_tokenizer" }, "ngramTokenizerAnalyzerCustomSymbolPunctuation": { "filter": [ "lowercase" ], "type": "custom", "tokenizer": "ngram_tokenizer_custom_symbol_punctuation" } }, "tokenizer": { "ngram_tokenizer": { "token_chars": [ "letter", "digit" ], "min_gram": "1", "type": "ngram", "max_gram": "1" }, "ngram_tokenizer_custom_symbol_punctuation": { "token_chars": [ "letter", "digit", "symbol", "punctuation" ], "min_gram": "1", "type": "ngram", "max_gram": "1" } } }, "number_of_replicas": "1" } }, "mappings": { "dynamic": false, "_source": { "enabled": true, "includes": [], "excludes": [] }, "_routing": { "required": false }, "dynamic_templates": [], "properties": { "id": { "eager_global_ordinals": false, "index_phrases": false, "fielddata": false, "norms": true, "analyzer": "ngramTokenizerAnalyzer", "index": true, "store": false, "type": "text", "fields": { "digit": { "coerce": true, "index": true, "ignore_malformed": false, "store": false, "type": "long", "doc_values": true }, "keyword": { "eager_global_ordinals": false, "norms": false, "ignore_above": 32, "index": true, "store": false, "type": "keyword", "split_queries_on_whitespace": false, "index_options": "docs", "doc_values": true } }, "index_options": "positions" }, "attacked_url": { "eager_global_ordinals": false, "index_phrases": false, "fielddata": false, "norms": true, "analyzer": "ngramTokenizerAnalyzerCustomSymbolPunctuation", "index": true, "store": false, "type": "text", "fields": { "keyword": { "eager_global_ordinals": false, "norms": false, "ignore_above": 32, "index": true, "store": false, "type": "keyword", "split_queries_on_whitespace": false, "index_options": "docs", "doc_values": true } }, "index_options": "positions" }, "attack_ip": { "eager_global_ordinals": false, "index_phrases": false, "fielddata": false, "norms": true, "analyzer": "ngramTokenizerAnalyzerCustomSymbolPunctuation", "index": true, "store": false, "type": "text", "fields": { "keyword": { "eager_global_ordinals": false, "norms": false, "ignore_above": 32, "index": true, "store": false, "type": "keyword", "split_queries_on_whitespace": false, "index_options": "docs", "doc_values": true }, "ip": { "type": "ip" } }, "index_options": "positions" }, "attacked_app": { "eager_global_ordinals": false, "index_phrases": false, "fielddata": false, "norms": true, "analyzer": "ngramTokenizerAnalyzerCustomSymbolPunctuation", "index": true, "store": false, "type": "text", "fields": { "keyword": { "eager_global_ordinals": false, "norms": false, "ignore_above": 32, "index": true, "store": false, "type": "keyword", "split_queries_on_whitespace": false, "index_options": "docs", "doc_values": true } }, "index_options": "positions" }, "attack_type": { "type": "keyword" }, "cluster_key": { "type": "keyword" }, "attack_time": { "coerce": true, "index": true, "ignore_malformed": false, "store": false, "type": "long", "doc_values": true }, "action": { "type": "keyword" }, "created_at": { "type": "long" }, "service_id": { "type": "long" } } } }, "index_patterns": [ "waf-detections-*" ], "composed_of": [] }