{ "mappings": { "_default_": { "_all": { "norms": false }, "_meta": { "version": "5.5.2" }, "date_detection": false, "dynamic_templates": [ { "strings_as_keyword": { "mapping": { "ignore_above": 1024, "type": "keyword" }, "match_mapping_type": "string" } } ], "properties": { "@timestamp": { "type": "date" }, "activity_id": { "ignore_above": 1024, "type": "keyword" }, "beat": { "properties": { "hostname": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" } } }, "computer_name": { "ignore_above": 1024, "type": "keyword" }, "event_id": { "type": "long" }, "keywords": { "ignore_above": 1024, "type": "keyword" }, "level": { "ignore_above": 1024, "type": "keyword" }, "log_name": { "ignore_above": 1024, "type": "keyword" }, "message": { "norms": false, "type": "text" }, "message_error": { "ignore_above": 1024, "type": "keyword" }, "meta": { "properties": { "cloud": { "properties": { "availability_zone": { "ignore_above": 1024, "type": "keyword" }, "instance_id": { "ignore_above": 1024, "type": "keyword" }, "machine_type": { "ignore_above": 1024, "type": "keyword" }, "project_id": { "ignore_above": 1024, "type": "keyword" }, "provider": { "ignore_above": 1024, "type": "keyword" }, "region": { "ignore_above": 1024, "type": "keyword" } } } } }, "opcode": { "ignore_above": 1024, "type": "keyword" }, "process_id": { "type": "long" }, "provider_guid": { "ignore_above": 1024, "type": "keyword" }, "record_number": { "ignore_above": 1024, "type": "keyword" }, "related_activity_id": { "ignore_above": 1024, "type": "keyword" }, "source_name": { "ignore_above": 1024, "type": "keyword" }, "tags": { "ignore_above": 1024, "type": "keyword" }, "task": { "ignore_above": 1024, "type": "keyword" }, "thread_id": { "type": "long" }, "type": { "ignore_above": 1024, "type": "keyword" }, "user": { "properties": { "domain": { "ignore_above": 1024, "type": "keyword" }, "identifier": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" } } }, "version": { "type": "long" }, "xml": { "norms": false, "type": "text" } } } }, "order": 0, "settings": { "index.mapping.total_fields.limit": 10000, "index.refresh_interval": "5s" }, "template": "winlogbeat-*" }