diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index b6d2272293..1b475bad56 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -20,6 +20,7 @@ Thanks, you're awesome :-) --> * Added `event.category` "session". #1049 * Added usage documentation for `user` fields. #1066 * Added `user` fields at `user.effective.*`, `user.target.*` and `user.changes.*`. #1066 +* Migrated subset of `keyword` fields to `wildcard`. #1098, #1185 * Added `os.type`. #1111 #### Improvements diff --git a/generated/elasticsearch/component/agent.json b/generated/elasticsearch/component/agent.json index 5c52341b38..9b21a79f47 100644 --- a/generated/elasticsearch/component/agent.json +++ b/generated/elasticsearch/component/agent.json @@ -11,8 +11,7 @@ "build": { "properties": { "original": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } }, diff --git a/generated/elasticsearch/component/client.json b/generated/elasticsearch/component/client.json index 4986a862f0..36b619f240 100644 --- a/generated/elasticsearch/component/client.json +++ b/generated/elasticsearch/component/client.json @@ -26,8 +26,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } } @@ -37,8 +36,7 @@ "type": "long" }, "domain": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "geo": { "properties": { @@ -62,8 +60,7 @@ "type": "geo_point" }, "name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "region_iso_code": { "ignore_above": 1024, @@ -99,8 +96,7 @@ "type": "long" }, "registered_domain": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "subdomain": { "ignore_above": 1024, @@ -117,8 +113,7 @@ "type": "keyword" }, "email": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "full_name": { "fields": { @@ -127,8 +122,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "group": { "properties": { @@ -161,8 +155,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "roles": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/destination.json b/generated/elasticsearch/component/destination.json index 48beef4e76..0755d65042 100644 --- a/generated/elasticsearch/component/destination.json +++ b/generated/elasticsearch/component/destination.json @@ -26,8 +26,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } } @@ -37,8 +36,7 @@ "type": "long" }, "domain": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "geo": { "properties": { @@ -62,8 +60,7 @@ "type": "geo_point" }, "name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "region_iso_code": { "ignore_above": 1024, @@ -99,8 +96,7 @@ "type": "long" }, "registered_domain": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "subdomain": { "ignore_above": 1024, @@ -117,8 +113,7 @@ "type": "keyword" }, "email": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "full_name": { "fields": { @@ -127,8 +122,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "group": { "properties": { @@ -161,8 +155,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "roles": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/dll.json b/generated/elasticsearch/component/dll.json index b13e8cbcb2..204cf3ef43 100644 --- a/generated/elasticsearch/component/dll.json +++ b/generated/elasticsearch/component/dll.json @@ -80,8 +80,7 @@ "type": "keyword" }, "original_file_name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "product": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/dns.json b/generated/elasticsearch/component/dns.json index 0544bfe1e0..5c508f403d 100644 --- a/generated/elasticsearch/component/dns.json +++ b/generated/elasticsearch/component/dns.json @@ -15,8 +15,7 @@ "type": "keyword" }, "data": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "name": { "ignore_above": 1024, @@ -51,8 +50,7 @@ "type": "keyword" }, "name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "registered_domain": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/error.json b/generated/elasticsearch/component/error.json index edf50187ef..052f2b8934 100644 --- a/generated/elasticsearch/component/error.json +++ b/generated/elasticsearch/component/error.json @@ -21,20 +21,16 @@ "type": "text" }, "stack_trace": { - "doc_values": false, "fields": { "text": { "norms": false, "type": "text" } }, - "ignore_above": 1024, - "index": false, - "type": "keyword" + "type": "wildcard" }, "type": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } } diff --git a/generated/elasticsearch/component/file.json b/generated/elasticsearch/component/file.json index 9959b20f6f..9b12c8f0b4 100644 --- a/generated/elasticsearch/component/file.json +++ b/generated/elasticsearch/component/file.json @@ -47,8 +47,7 @@ "type": "keyword" }, "directory": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "drive_letter": { "ignore_above": 1, @@ -116,8 +115,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "pe": { "properties": { @@ -142,8 +140,7 @@ "type": "keyword" }, "original_file_name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "product": { "ignore_above": 1024, @@ -161,8 +158,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "type": { "ignore_above": 1024, @@ -189,8 +185,7 @@ "type": "keyword" }, "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "locality": { "ignore_above": 1024, @@ -251,8 +246,7 @@ "type": "keyword" }, "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "locality": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/host.json b/generated/elasticsearch/component/host.json index c9be5fc226..7406941ede 100644 --- a/generated/elasticsearch/component/host.json +++ b/generated/elasticsearch/component/host.json @@ -38,8 +38,7 @@ "type": "geo_point" }, "name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "region_iso_code": { "ignore_above": 1024, @@ -52,8 +51,7 @@ } }, "hostname": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "id": { "ignore_above": 1024, @@ -83,8 +81,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "kernel": { "ignore_above": 1024, @@ -97,8 +94,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "platform": { "ignore_above": 1024, @@ -128,8 +124,7 @@ "type": "keyword" }, "email": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "full_name": { "fields": { @@ -138,8 +133,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "group": { "properties": { @@ -172,8 +166,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "roles": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/http.json b/generated/elasticsearch/component/http.json index 0e9794b9ec..21dbb95038 100644 --- a/generated/elasticsearch/component/http.json +++ b/generated/elasticsearch/component/http.json @@ -22,8 +22,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } }, @@ -39,8 +38,7 @@ "type": "keyword" }, "referrer": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } }, @@ -58,8 +56,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } }, diff --git a/generated/elasticsearch/component/log.json b/generated/elasticsearch/component/log.json index adfb238775..22b6611dcd 100644 --- a/generated/elasticsearch/component/log.json +++ b/generated/elasticsearch/component/log.json @@ -11,8 +11,7 @@ "file": { "properties": { "path": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } }, @@ -21,8 +20,7 @@ "type": "keyword" }, "logger": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "origin": { "properties": { diff --git a/generated/elasticsearch/component/observer.json b/generated/elasticsearch/component/observer.json index 23f5042f7b..d361b49d08 100644 --- a/generated/elasticsearch/component/observer.json +++ b/generated/elasticsearch/component/observer.json @@ -67,8 +67,7 @@ "type": "geo_point" }, "name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "region_iso_code": { "ignore_above": 1024, @@ -145,8 +144,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "kernel": { "ignore_above": 1024, @@ -159,8 +157,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "platform": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/organization.json b/generated/elasticsearch/component/organization.json index 51e911c117..00c054d1d8 100644 --- a/generated/elasticsearch/component/organization.json +++ b/generated/elasticsearch/component/organization.json @@ -19,8 +19,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } } diff --git a/generated/elasticsearch/component/process.json b/generated/elasticsearch/component/process.json index 389fa91f6b..a31479014e 100644 --- a/generated/elasticsearch/component/process.json +++ b/generated/elasticsearch/component/process.json @@ -43,8 +43,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "entity_id": { "ignore_above": 1024, @@ -57,8 +56,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "exit_code": { "type": "long" @@ -90,8 +88,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "parent": { "properties": { @@ -130,8 +127,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "entity_id": { "ignore_above": 1024, @@ -144,8 +140,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "exit_code": { "type": "long" @@ -177,8 +172,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "pe": { "properties": { @@ -203,8 +197,7 @@ "type": "keyword" }, "original_file_name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "product": { "ignore_above": 1024, @@ -230,8 +223,7 @@ "type": "long" }, "name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } }, @@ -242,8 +234,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "uptime": { "type": "long" @@ -255,8 +246,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } }, @@ -283,8 +273,7 @@ "type": "keyword" }, "original_file_name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "product": { "ignore_above": 1024, @@ -310,8 +299,7 @@ "type": "long" }, "name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } }, @@ -322,8 +310,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "uptime": { "type": "long" @@ -335,8 +322,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } } diff --git a/generated/elasticsearch/component/registry.json b/generated/elasticsearch/component/registry.json index 599d017e8d..2b58d9d76b 100644 --- a/generated/elasticsearch/component/registry.json +++ b/generated/elasticsearch/component/registry.json @@ -15,8 +15,7 @@ "type": "keyword" }, "strings": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "type": { "ignore_above": 1024, @@ -29,12 +28,10 @@ "type": "keyword" }, "key": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "path": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "value": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/server.json b/generated/elasticsearch/component/server.json index 54a110e69c..9c8cc640af 100644 --- a/generated/elasticsearch/component/server.json +++ b/generated/elasticsearch/component/server.json @@ -26,8 +26,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } } @@ -37,8 +36,7 @@ "type": "long" }, "domain": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "geo": { "properties": { @@ -62,8 +60,7 @@ "type": "geo_point" }, "name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "region_iso_code": { "ignore_above": 1024, @@ -99,8 +96,7 @@ "type": "long" }, "registered_domain": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "subdomain": { "ignore_above": 1024, @@ -117,8 +113,7 @@ "type": "keyword" }, "email": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "full_name": { "fields": { @@ -127,8 +122,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "group": { "properties": { @@ -161,8 +155,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "roles": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/source.json b/generated/elasticsearch/component/source.json index 79969ec8fd..91499e053a 100644 --- a/generated/elasticsearch/component/source.json +++ b/generated/elasticsearch/component/source.json @@ -26,8 +26,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } } @@ -37,8 +36,7 @@ "type": "long" }, "domain": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "geo": { "properties": { @@ -62,8 +60,7 @@ "type": "geo_point" }, "name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "region_iso_code": { "ignore_above": 1024, @@ -99,8 +96,7 @@ "type": "long" }, "registered_domain": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "subdomain": { "ignore_above": 1024, @@ -117,8 +113,7 @@ "type": "keyword" }, "email": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "full_name": { "fields": { @@ -127,8 +122,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "group": { "properties": { @@ -161,8 +155,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "roles": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/tls.json b/generated/elasticsearch/component/tls.json index 0ae903236a..544d07a612 100644 --- a/generated/elasticsearch/component/tls.json +++ b/generated/elasticsearch/component/tls.json @@ -39,8 +39,7 @@ } }, "issuer": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "ja3": { "ignore_above": 1024, @@ -57,8 +56,7 @@ "type": "keyword" }, "subject": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "supported_ciphers": { "ignore_above": 1024, @@ -81,8 +79,7 @@ "type": "keyword" }, "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "locality": { "ignore_above": 1024, @@ -143,8 +140,7 @@ "type": "keyword" }, "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "locality": { "ignore_above": 1024, @@ -213,8 +209,7 @@ } }, "issuer": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "ja3s": { "ignore_above": 1024, @@ -227,8 +222,7 @@ "type": "date" }, "subject": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "x509": { "properties": { @@ -247,8 +241,7 @@ "type": "keyword" }, "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "locality": { "ignore_above": 1024, @@ -309,8 +302,7 @@ "type": "keyword" }, "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "locality": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/url.json b/generated/elasticsearch/component/url.json index 4aa0820efc..796135b89c 100644 --- a/generated/elasticsearch/component/url.json +++ b/generated/elasticsearch/component/url.json @@ -9,8 +9,7 @@ "url": { "properties": { "domain": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "extension": { "ignore_above": 1024, @@ -27,8 +26,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "original": { "fields": { @@ -37,16 +35,14 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "password": { "ignore_above": 1024, "type": "keyword" }, "path": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "port": { "type": "long" @@ -56,8 +52,7 @@ "type": "keyword" }, "registered_domain": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "scheme": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/user.json b/generated/elasticsearch/component/user.json index f078962974..09fb4037f7 100644 --- a/generated/elasticsearch/component/user.json +++ b/generated/elasticsearch/component/user.json @@ -15,8 +15,7 @@ "type": "keyword" }, "email": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "full_name": { "fields": { @@ -25,8 +24,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "group": { "properties": { @@ -59,8 +57,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "roles": { "ignore_above": 1024, @@ -79,8 +76,7 @@ "type": "keyword" }, "email": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "full_name": { "fields": { @@ -89,8 +85,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "group": { "properties": { @@ -123,8 +118,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "roles": { "ignore_above": 1024, @@ -133,8 +127,7 @@ } }, "email": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "full_name": { "fields": { @@ -143,8 +136,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "group": { "properties": { @@ -177,8 +169,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "roles": { "ignore_above": 1024, @@ -191,8 +182,7 @@ "type": "keyword" }, "email": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "full_name": { "fields": { @@ -201,8 +191,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "group": { "properties": { @@ -235,8 +224,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "roles": { "ignore_above": 1024, diff --git a/generated/elasticsearch/component/user_agent.json b/generated/elasticsearch/component/user_agent.json index 84e2b6ef9b..a5543854e0 100644 --- a/generated/elasticsearch/component/user_agent.json +++ b/generated/elasticsearch/component/user_agent.json @@ -27,8 +27,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "os": { "properties": { @@ -43,8 +42,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "kernel": { "ignore_above": 1024, @@ -57,8 +55,7 @@ "type": "text" } }, - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" }, "platform": { "ignore_above": 1024,