From ad7817f3eae23957590c94d01441e5fffb7aa042 Mon Sep 17 00:00:00 2001
From: neu5ron
Date: Fri, 22 Feb 2019 03:01:30 -0500
Subject: [PATCH] not ip index management for pipeline we had, but hand't set elasticsearch template - now we do
---
.../output_templates/90-logs-not-ip.json | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 docker/helk-logstash/output_templates/90-logs-not-ip.json
diff --git a/docker/helk-logstash/output_templates/90-logs-not-ip.json b/docker/helk-logstash/output_templates/90-logs-not-ip.json
new file mode 100644
index 0000000..9c218a8
--- /dev/null
+++ b/docker/helk-logstash/output_templates/90-logs-not-ip.json
@@ -0,0 +1,26 @@
+{
+ "order": 90,
+ "index_patterns": [ "logs-*" ],
+ "version": 2018080101,
+ "mappings": {
+ "doc": {
+ "properties": {
+ "not_ip_dst": {
+ "type": "keyword"
+ },
+ "not_ip_dst_nat": {
+ "type": "keyword"
+ },
+ "not_ip_log": {
+ "type": "keyword"
+ },
+ "not_ip_src": {
+ "type": "keyword"
+ },
+ "not_ip_src_nat": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+}
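Review bot: The five `not_ip_*` mappings declare `"type": "keyword"` with no `ignore_above`, so a value longer than Lucene's 32766-byte term limit makes Elasticsearch reject the whole document rather than just skip indexing that field. Judging by their names, these fields hold whatever failed IP parsing upstream, which makes them the likeliest place for oversized or malformed strings to land, and a rejected event is a silent gap in the log record. Consider capping each field, e.g. `"not_ip_dst": { "type": "keyword", "ignore_above": 1024 }`, where 1024 is an example value to be aligned with whatever limit the project's other templates use. Separately, `"version": 2018080101` predates this commit's 2019-02-22 date and looks carried over from another template; bumping it would make it easier to tell which template revision a cluster has loaded.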