infosecn1nja
/
HELK
mirror of https://github.com/infosecn1nja/HELK.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

use global ordinals on high cardinality fields

keyword-vs-text-changes
neu5ron 2019-05-20 17:25:36 -04:00
parent ce483b4b83
commit a9fc554625
1 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docker/helk-logstash/output_templates/50-logs-winevent-all.json
View File

@ -1,7 +1,7 @@
{ {
"order": 50, "order": 50,
"index_patterns": [ "logs-endpoint-winevent-*" ], "index_patterns": [ "logs-endpoint-winevent-*" ],
"version": 2018080101, "version": 2019052001,
"settings": { "settings": {
"analysis": { "analysis": {
"analyzer": { "analyzer": {
@ -75,7 +75,8 @@
"fields": { "fields": {
"keyword": { "keyword": {
"ignore_above": 7500, "ignore_above": 7500,
"type": "keyword" "type": "keyword",
"eager_global_ordinals": true
} }
} }
}, },
@ -86,7 +87,8 @@
"fields": { "fields": {
"keyword": { "keyword": {
"ignore_above": 7500, "ignore_above": 7500,
"type": "keyword" "type": "keyword",
"eager_global_ordinals": true
} }
} }
}, },
@ -108,7 +110,8 @@
"fields": { "fields": {
"keyword": { "keyword": {
"ignore_above": 7500, "ignore_above": 7500,
"type": "keyword" "type": "keyword",
"eager_global_ordinals": true
} }
} }
}, },
@ -130,7 +133,8 @@
"fields": { "fields": {
"keyword": { "keyword": {
"ignore_above": 7500, "ignore_above": 7500,
"type": "keyword" "type": "keyword",
"eager_global_ordinals": true
} }
} }
}, },
@ -141,7 +145,8 @@
"fields": { "fields": {
"keyword": { "keyword": {
"ignore_above": 7500, "ignore_above": 7500,
"type": "keyword" "type": "keyword",
"eager_global_ordinals": true
} }
} }
}, },
@ -152,7 +157,8 @@
"fields": { "fields": {
"keyword": { "keyword": {
"ignore_above": 7500, "ignore_above": 7500,
"type": "keyword" "type": "keyword",
"eager_global_ordinals": true
} }
} }
} }