templates/sns-auth.template.json

{
  "index_patterns": "stormshield-sns-auth-*",
  "settings": {
    "index.number_of_shards": 1,
    "index.number_of_replicas": 0,
    "index.refresh_interval": "30s"
  },
  "mappings": {
    "_doc": {
      "properties": {
        "agentid":            {"type": "keyword"},
        "confid":             {"type": "keyword"},
        "datechange":         {"type": "long"},
        "domain":             {"type": "keyword"},
        "duration":           {"type": "double"},
        "error":              {"type": "long"},
        "fw":                 {"type": "keyword"},
        "internal_product":   {"type": "keyword"},
        "logtype":            {"type": "keyword"},
        "method":             {"type": "keyword"},
        "msg":                {"type": "keyword"},
        "ruleid":             {"type": "long"},
        "rulename":           {"type": "keyword"},
        "src":                {"type": "keyword"},
        "src_geoip":          {"type": "object", "properties": {
          "area_code":        {"type": "long"},
          "city_name":        {"type": "keyword"},
          "continent_code":   {"type": "keyword"},
          "country_code2":    {"type": "keyword"},
          "country_code3":    {"type": "keyword"},
          "country_name":     {"type": "keyword"},
          "dma_code":         {"type": "long"},
          "ip":               {"type": "keyword"},
          "latitude":         {"type": "long"},
          "location":         {"type": "geo_point"},
          "longitude":        {"type": "long"},
          "postal_code":      {"type": "keyword"},
          "real_region_name": {"type": "keyword"},
          "region_code":      {"type": "keyword"},
          "region_name":      {"type": "keyword"},
          "timezone":         {"type": "keyword"}
        }},
        "srcname":            {"type": "keyword"},
        "startime":           {"type": "keyword"},
        "type":               {"type": "keyword"},
        "tz":                 {"type": "keyword"},
        "user":               {"type": "keyword"}
      }
    }
  }
}