dashboards/malcolm_template.json

{
  "index_patterns" : ["arkime_sessions3-*"],
  "order" : 0,
  "settings" : {
    "index" : {
      "mapping.total_fields.limit" : "2000"
    }
  },
  "mappings": {
    "session": {
      "properties": {
        "malcolmDocId": { "type": "keyword" },
        "client.domain": { "type": "keyword" },
        "destination.domain": { "type": "keyword" },
        "destination.geo.city_name": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text" } } },
        "destination.geo.continent_code": { "type": "keyword" },
        "destination.geo.country_code2": { "type": "keyword" },
        "destination.geo.country_code3": { "type": "keyword" },
        "destination.geo.country_name": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text" } } },
        "destination.geo.dma_code": { "type": "short" },
        "destination.geo.ip": { "type": "ip" },
        "destination.geo.latitude": { "type": "float" },
        "destination.geo.location": { "type": "geo_point" },
        "destination.geo.longitude": { "type": "float" },
        "destination.geo.postal_code": { "type": "keyword" },
        "destination.geo.region_code": { "type": "keyword" },
        "destination.geo.region_name": { "type": "keyword" },
        "destination.geo.timezone": { "type": "keyword" },
        "destination.hostname": { "type": "keyword" },
        "destination.ip": { "type": "ip" },
        "destination.ip_reverse_dns": { "type": "keyword" },
        "destination.mac": { "type": "keyword" },
        "destination.oui": { "type": "keyword" },
        "destination.port": { "type": "long" },
        "destination.segment": { "type": "keyword" },
        "dns.answers": { "type": "nested" },
        "dns.header_flags": { "type": "keyword" },
        "dns.id": { "type": "keyword" },
        "dns.op_code": { "type": "keyword" },
        "dns.question.class": { "type": "keyword" },
        "dns.question.name": { "type": "keyword" },
        "dns.question.type": { "type": "keyword" },
        "dns.resolved_ip": { "type": "ip" },
        "dns.response_code": { "type": "keyword" },
        "dns.type": { "type": "keyword" },
        "ecs.version": { "type": "keyword" },
        "event.action": { "type": "keyword" },
        "event.category": { "type": "keyword" },
        "event.dataset": { "type": "keyword" },
        "event.duration": { "type": "long" },
        "event.end": { "type": "date" },
        "event.freq_score_v1": { "type": "float" },
        "event.freq_score_v2": { "type": "float" },
        "event.id": { "type": "keyword" },
        "event.ingested": { "type": "date" },
        "event.kind": { "type": "keyword" },
        "event.outcome": { "type": "keyword" },
        "event.provider": { "type": "keyword" },
        "event.result": { "type": "keyword" },
        "event.severity_tags": { "type": "keyword" },
        "event.start": { "type": "date" },
        "file.accessed": { "type": "date" },
        "file.created": { "type": "date" },
        "file.ctime": { "type": "date" },
        "file.directory": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "file.extension": { "type": "keyword" },
        "file.hash.md5": { "type": "keyword" },
        "file.hash.sha1": { "type": "keyword" },
        "file.hash.sha256": { "type": "keyword" },
        "file.mime_type": { "type": "keyword" },
        "file.mtime": { "type": "date" },
        "file.name": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "file.path": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "file.size": { "type": "long" },
        "file.type": { "type": "keyword" },
        "http.request.body.bytes": { "type": "long" },
        "http.request.method": { "type": "keyword" },
        "http.request.mime_type": { "type": "keyword" },
        "http.request.referrer": { "type": "keyword" },
        "http.response.body.bytes": { "type": "long" },
        "http.response.mime_type": { "type": "keyword" },
        "http.response.status_code": { "type": "long" },
        "http.version": { "type": "keyword" },
        "network.application": { "type": "keyword" },
        "network.bytes": { "type": "long" },
        "network.community_id": { "type": "keyword" },
        "network.direction": { "type": "keyword" },
        "network.iana_number": { "type": "keyword" },
        "network.inner.vlan.id": { "type": "keyword" },
        "network.name": { "type": "keyword" },
        "network.packets": { "type": "long" },
        "network.protocol": { "type": "keyword" },
        "network.protocol_version": { "type": "keyword" },
        "network.transport": { "type": "keyword" },
        "network.type": { "type": "keyword" },
        "network.vlan.id": { "type": "keyword" },
        "related.hash": { "type": "keyword" },
        "related.hosts": { "type": "keyword" },
        "related.ip": { "type": "ip" },
        "related.mac": { "type": "keyword" },
        "related.oui": { "type": "keyword" },
        "related.password": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
        "related.user": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
        "rule.author": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text", "norms": false } } },
        "rule.category": { "type": "keyword" },
        "rule.description": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "rule.license": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "rule.name": { "type": "keyword" },
        "rule.reference": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "rule.ruleset": { "type": "keyword" },
        "server.domain": { "type": "keyword" },
        "source.geo.city_name": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text" } } },
        "source.geo.continent_code": { "type": "keyword" },
        "source.geo.country_code2": { "type": "keyword" },
        "source.geo.country_code3": { "type": "keyword" },
        "source.geo.country_name": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text" } } },
        "source.geo.dma_code": { "type": "short" },
        "source.geo.ip": { "type": "ip" },
        "source.geo.latitude": { "type": "float" },
        "source.geo.location": { "type": "geo_point" },
        "source.geo.longitude": { "type": "float" },
        "source.geo.postal_code": { "type": "keyword" },
        "source.geo.region_code": { "type": "keyword" },
        "source.geo.region_name": { "type": "keyword" },
        "source.geo.timezone": { "type": "keyword" },
        "source.hostname": { "type": "keyword" },
        "source.ip": { "type": "ip" },
        "source.ip_reverse_dns": { "type": "keyword" },
        "source.mac": { "type": "keyword" },
        "source.nat.ip": { "type": "ip" },
        "source.nat.port": { "type": "long" },
        "source.oui": { "type": "keyword" },
        "source.port": { "type": "long" },
        "source.segment": { "type": "keyword" },
        "threat.framework": { "type": "keyword" },
        "threat.tactic.id": { "type": "keyword" },
        "threat.tactic.name": { "type": "keyword" },
        "threat.tactic.reference": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "threat.technique.id": { "type": "keyword" },
        "threat.technique.name": { "type": "keyword" },
        "threat.technique.reference": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "tls.cipher": { "type": "keyword" },
        "tls.client.issuer": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "tls.client.ja3": { "type": "keyword" },
        "tls.client.ja3_description": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "tls.client.server_name": { "type": "keyword" },
        "tls.client.subject": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "tls.curve": { "type": "keyword" },
        "tls.established": { "type": "keyword" },
        "tls.next_protocol": { "type": "keyword" },
        "tls.resumed": { "type": "keyword" },
        "tls.server.issuer": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "tls.server.ja3s": { "type": "keyword" },
        "tls.server.ja3s_description": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "tls.server.subject": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "tls.version": { "type": "keyword" },
        "tls.version_protocol": { "type": "keyword" },
        "url.domain": { "type": "keyword" },
        "url.extension": { "type": "keyword" },
        "url.fragment": { "type": "keyword" },
        "url.full": { "type": "keyword" },
        "url.original": { "type": "keyword" },
        "url.password": { "type": "keyword" },
        "url.path": { "type": "keyword" },
        "url.port": { "type": "long" },
        "url.query": { "type": "keyword" },
        "url.scheme": { "type": "keyword" },
        "url.user": { "type": "keyword" },
        "user_agent.original": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
        "vulnerability.category": { "type": "keyword" },
        "vulnerability.description": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "vulnerability.reference": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "vulnerability.scanner.vendor": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.bacnet.bvlc_function": { "type": "keyword" },
        "zeek.bacnet.invoke_id": { "type": "integer" },
        "zeek.bacnet.pdu_service": { "type": "keyword" },
        "zeek.bacnet.pdu_type": { "type": "keyword" },
        "zeek.bacnet.result_code": { "type": "keyword" },
        "zeek.bacnet_discovery.instance_number": { "type": "integer" },
        "zeek.bacnet_discovery.object_name": { "type": "keyword" },
        "zeek.bacnet_discovery.object_type": { "type": "keyword" },
        "zeek.bacnet_discovery.pdu_service": { "type": "keyword" },
        "zeek.bacnet_discovery.range": { "type": "keyword" },
        "zeek.bacnet_discovery.range_high": { "type": "integer" },
        "zeek.bacnet_discovery.range_low": { "type": "integer" },
        "zeek.bacnet_discovery.vendor": { "type": "keyword" },
        "zeek.bacnet_property.array_index": { "type": "integer" },
        "zeek.bacnet_property.instance_number": { "type": "integer" },
        "zeek.bacnet_property.object_type": { "type": "keyword" },
        "zeek.bacnet_property.pdu_service": { "type": "keyword" },
        "zeek.bacnet_property.property": { "type": "keyword" },
        "zeek.bacnet_property.value": { "type": "keyword" },
        "zeek.bestguess.category": { "type": "keyword" },
        "zeek.bestguess.name": { "type": "keyword" },
        "zeek.bsap_ip_header.num_msg": { "type": "integer" },
        "zeek.bsap_ip_header.type_name": { "type": "keyword" },
        "zeek.bsap_ip_rdb.app_func_code": { "type": "keyword" },
        "zeek.bsap_ip_rdb.data": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.bsap_ip_rdb.data_len": { "type": "integer" },
        "zeek.bsap_ip_rdb.func_code": { "type": "keyword" },
        "zeek.bsap_ip_rdb.header_size": { "type": "integer" },
        "zeek.bsap_ip_rdb.mes_seq": { "type": "integer" },
        "zeek.bsap_ip_rdb.node_status": { "type": "integer" },
        "zeek.bsap_ip_rdb.res_seq": { "type": "integer" },
        "zeek.bsap_ip_rdb.sequence": { "type": "integer" },
        "zeek.bsap_ip_unknown.data": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.bsap_serial_header.ctl": { "type": "integer" },
        "zeek.bsap_serial_header.dadd": { "type": "integer" },
        "zeek.bsap_serial_header.dfun": { "type": "keyword" },
        "zeek.bsap_serial_header.nsb": { "type": "integer" },
        "zeek.bsap_serial_header.sadd": { "type": "integer" },
        "zeek.bsap_serial_header.seq": { "type": "integer" },
        "zeek.bsap_serial_header.ser": { "type": "keyword" },
        "zeek.bsap_serial_header.sfun": { "type": "keyword" },
        "zeek.bsap_serial_header.type_name": { "type": "keyword" },
        "zeek.bsap_serial_rdb.data": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.bsap_serial_rdb.func_code": { "type": "keyword" },
        "zeek.bsap_serial_rdb_ext.data": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.bsap_serial_rdb_ext.dfun": { "type": "keyword" },
        "zeek.bsap_serial_rdb_ext.extfun": { "type": "keyword" },
        "zeek.bsap_serial_rdb_ext.nsb": { "type": "integer" },
        "zeek.bsap_serial_rdb_ext.seq": { "type": "integer" },
        "zeek.bsap_serial_rdb_ext.sfun": { "type": "keyword" },
        "zeek.bsap_serial_unknown.data": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.cip.attribute_id": { "type": "keyword" },
        "zeek.cip.cip_sequence_count": { "type": "integer" },
        "zeek.cip.cip_service": { "type": "keyword" },
        "zeek.cip.cip_service_code": { "type": "keyword" },
        "zeek.cip.cip_status": { "type": "keyword" },
        "zeek.cip.class_id": { "type": "keyword" },
        "zeek.cip.class_name": { "type": "keyword" },
        "zeek.cip.direction": { "type": "keyword" },
        "zeek.cip.instance_id": { "type": "keyword" },
        "zeek.cip_identity.device_state": { "type": "keyword" },
        "zeek.cip_identity.device_status": { "type": "keyword" },
        "zeek.cip_identity.device_type_id": { "type": "integer" },
        "zeek.cip_identity.device_type_name": { "type": "keyword" },
        "zeek.cip_identity.encapsulation_version": { "type": "integer" },
        "zeek.cip_identity.product_code": { "type": "integer" },
        "zeek.cip_identity.product_name": { "type": "keyword" },
        "zeek.cip_identity.revision": { "type": "keyword" },
        "zeek.cip_identity.serial_number": { "type": "keyword" },
        "zeek.cip_identity.socket_address": { "type": "ip" },
        "zeek.cip_identity.socket_address_asn": { "type": "keyword" },
        "zeek.cip_identity.socket_address_geo.city_name": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text" } } },
        "zeek.cip_identity.socket_address_geo.continent_code": { "type": "keyword" },
        "zeek.cip_identity.socket_address_geo.country_code2": { "type": "keyword" },
        "zeek.cip_identity.socket_address_geo.country_code3": { "type": "keyword" },
        "zeek.cip_identity.socket_address_geo.country_name": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text" } } },
        "zeek.cip_identity.socket_address_geo.dma_code": { "type": "short" },
        "zeek.cip_identity.socket_address_geo.ip": { "type": "ip" },
        "zeek.cip_identity.socket_address_geo.latitude": { "type": "float" },
        "zeek.cip_identity.socket_address_geo.location": { "type": "geo_point" },
        "zeek.cip_identity.socket_address_geo.longitude": { "type": "float" },
        "zeek.cip_identity.socket_address_geo.postal_code": { "type": "keyword" },
        "zeek.cip_identity.socket_address_geo.region_code": { "type": "keyword" },
        "zeek.cip_identity.socket_address_geo.region_name": { "type": "keyword" },
        "zeek.cip_identity.socket_address_geo.timezone": { "type": "keyword" },
        "zeek.cip_identity.socket_port": { "type": "integer" },
        "zeek.cip_identity.vendor_id": { "type": "integer" },
        "zeek.cip_identity.vendor_name": { "type": "keyword" },
        "zeek.cip_io.connection_id": { "type": "keyword" },
        "zeek.cip_io.data_length": { "type": "integer" },
        "zeek.cip_io.io_data": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.cip_io.sequence_number": { "type": "integer" },
        "zeek.conn.conn_state": { "type": "keyword" },
        "zeek.conn.conn_state_description": { "type": "keyword" },
        "zeek.conn.duration": { "type": "float" },
        "zeek.conn.history": { "type": "keyword" },
        "zeek.conn.inner_vlan": { "type": "integer" },
        "zeek.conn.local_orig": { "type": "keyword" },
        "zeek.conn.local_resp": { "type": "keyword" },
        "zeek.conn.missed_bytes": { "type": "long" },
        "zeek.conn.orig_bytes": { "type": "long" },
        "zeek.conn.orig_ip_bytes": { "type": "long" },
        "zeek.conn.orig_pkts": { "type": "integer" },
        "zeek.conn.resp_bytes": { "type": "long" },
        "zeek.conn.resp_ip_bytes": { "type": "long" },
        "zeek.conn.resp_pkts": { "type": "integer" },
        "zeek.conn.tunnel_parents": { "type": "keyword" },
        "zeek.conn.vlan": { "type": "integer" },
        "zeek.dce_rpc.endpoint": { "type": "keyword" },
        "zeek.dce_rpc.named_pipe": { "type": "keyword" },
        "zeek.dce_rpc.operation": { "type": "keyword" },
        "zeek.dce_rpc.rtt": { "type": "float" },
        "zeek.dhcp.assigned_ip": { "type": "ip" },
        "zeek.dhcp.client_fqdn": { "type": "keyword" },
        "zeek.dhcp.client_message": { "type": "keyword" },
        "zeek.dhcp.client_software": { "type": "keyword" },
        "zeek.dhcp.domain": { "type": "keyword" },
        "zeek.dhcp.duration": { "type": "float" },
        "zeek.dhcp.host_name": { "type": "keyword" },
        "zeek.dhcp.lease_time": { "type": "float" },
        "zeek.dhcp.mac": { "type": "keyword" },
        "zeek.dhcp.msg_types": { "type": "keyword" },
        "zeek.dhcp.requested_ip": { "type": "ip" },
        "zeek.dhcp.server_message": { "type": "keyword" },
        "zeek.dhcp.server_software": { "type": "keyword" },
        "zeek.dhcp.trans_id": { "type": "keyword" },
        "zeek.dnp3.fc_reply": { "type": "keyword" },
        "zeek.dnp3.fc_request": { "type": "keyword" },
        "zeek.dnp3.iin": { "type": "keyword" },
        "zeek.dnp3.iin_flags": { "type": "keyword" },
        "zeek.dnp3_control.block_type": { "type": "keyword" },
        "zeek.dnp3_control.execute_count": { "type": "integer" },
        "zeek.dnp3_control.function_code": { "type": "keyword" },
        "zeek.dnp3_control.index_number": { "type": "integer" },
        "zeek.dnp3_control.off_time": { "type": "integer" },
        "zeek.dnp3_control.on_time": { "type": "integer" },
        "zeek.dnp3_control.operation_type": { "type": "keyword" },
        "zeek.dnp3_control.status_code": { "type": "keyword" },
        "zeek.dnp3_control.trip_control_code": { "type": "keyword" },
        "zeek.dnp3_objects.function_code": { "type": "keyword" },
        "zeek.dnp3_objects.object_count": { "type": "integer" },
        "zeek.dnp3_objects.object_type": { "type": "keyword" },
        "zeek.dnp3_objects.range_high": { "type": "integer" },
        "zeek.dnp3_objects.range_low": { "type": "integer" },
        "zeek.dns.AA": { "type": "keyword" },
        "zeek.dns.answers": { "type": "keyword" },
        "zeek.dns.qclass": { "type": "keyword" },
        "zeek.dns.qclass_name": { "type": "keyword" },
        "zeek.dns.qtype": { "type": "keyword" },
        "zeek.dns.qtype_name": { "type": "keyword" },
        "zeek.dns.query": { "type": "keyword" },
        "zeek.dns.RA": { "type": "keyword" },
        "zeek.dns.rcode": { "type": "short" },
        "zeek.dns.rcode_name": { "type": "keyword" },
        "zeek.dns.RD": { "type": "keyword" },
        "zeek.dns.rejected": { "type": "keyword" },
        "zeek.dns.rtt": { "type": "float" },
        "zeek.dns.TC": { "type": "keyword" },
        "zeek.dns.trans_id": { "type": "keyword" },
        "zeek.dns.TTLs": { "type": "float" },
        "zeek.dns.Z": { "type": "keyword" },
        "zeek.dpd.failure_reason": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.dpd.service": { "type": "keyword" },
        "zeek.ecat_aoe_info.command": { "type": "keyword" },
        "zeek.ecat_aoe_info.data": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.ecat_aoe_info.orig_port": { "type": "keyword" },
        "zeek.ecat_aoe_info.resp_port": { "type": "keyword" },
        "zeek.ecat_aoe_info.state": { "type": "keyword" },
        "zeek.ecat_arp_info.arp_type": { "type": "keyword" },
        "zeek.ecat_arp_info.orig_hw_addr": { "type": "keyword" },
        "zeek.ecat_arp_info.orig_proto_addr": { "type": "keyword" },
        "zeek.ecat_arp_info.resp_hw_addr": { "type": "keyword" },
        "zeek.ecat_arp_info.resp_proto_addr": { "type": "keyword" },
        "zeek.ecat_coe_info.dataoffset": { "type": "keyword" },
        "zeek.ecat_coe_info.index": { "type": "keyword" },
        "zeek.ecat_coe_info.number": { "type": "keyword" },
        "zeek.ecat_coe_info.req_resp": { "type": "keyword" },
        "zeek.ecat_coe_info.subindex": { "type": "keyword" },
        "zeek.ecat_coe_info.type": { "type": "keyword" },
        "zeek.ecat_dev_info.build": { "type": "keyword" },
        "zeek.ecat_dev_info.dev_type": { "type": "keyword" },
        "zeek.ecat_dev_info.dpram": { "type": "keyword" },
        "zeek.ecat_dev_info.features": { "type": "keyword" },
        "zeek.ecat_dev_info.fmmucnt": { "type": "keyword" },
        "zeek.ecat_dev_info.ports": { "type": "keyword" },
        "zeek.ecat_dev_info.revision": { "type": "keyword" },
        "zeek.ecat_dev_info.server_id": { "type": "keyword" },
        "zeek.ecat_dev_info.smcount": { "type": "keyword" },
        "zeek.ecat_foe_info.data": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.ecat_foe_info.error_code": { "type": "keyword" },
        "zeek.ecat_foe_info.filename": { "type": "keyword" },
        "zeek.ecat_foe_info.opcode": { "type": "keyword" },
        "zeek.ecat_foe_info.packet_num": { "type": "keyword" },
        "zeek.ecat_foe_info.reserved": { "type": "keyword" },
        "zeek.ecat_log_address.command": { "type": "keyword" },
        "zeek.ecat_log_address.data": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.ecat_log_address.length": { "type": "integer" },
        "zeek.ecat_log_address.log_addr": { "type": "keyword" },
        "zeek.ecat_registers.command": { "type": "keyword" },
        "zeek.ecat_registers.data": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.ecat_registers.register_addr": { "type": "keyword" },
        "zeek.ecat_registers.register_type": { "type": "keyword" },
        "zeek.ecat_registers.server_addr": { "type": "keyword" },
        "zeek.ecat_soe_info.drive_num": { "type": "keyword" },
        "zeek.ecat_soe_info.element": { "type": "keyword" },
        "zeek.ecat_soe_info.error": { "type": "keyword" },
        "zeek.ecat_soe_info.incomplete": { "type": "keyword" },
        "zeek.ecat_soe_info.index": { "type": "keyword" },
        "zeek.ecat_soe_info.opcode": { "type": "keyword" },
        "zeek.enip.enip_command": { "type": "keyword" },
        "zeek.enip.enip_command_code": { "type": "keyword" },
        "zeek.enip.enip_status": { "type": "keyword" },
        "zeek.enip.length": { "type": "integer" },
        "zeek.enip.options": { "type": "keyword" },
        "zeek.enip.sender_context": { "type": "keyword" },
        "zeek.enip.session_handle": { "type": "keyword" },
        "zeek.files.analyzers": { "type": "keyword" },
        "zeek.files.conn_uids": { "type": "keyword" },
        "zeek.files.depth": { "type": "integer" },
        "zeek.files.duration": { "type": "float" },
        "zeek.files.extracted": { "type": "keyword" },
        "zeek.files.extracted_cutoff": { "type": "keyword" },
        "zeek.files.extracted_size": { "type": "integer" },
        "zeek.files.filename": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.files.ftime": { "type": "date" },
        "zeek.files.is_orig": { "type": "keyword" },
        "zeek.files.local_orig": { "type": "keyword" },
        "zeek.files.md5": { "type": "keyword" },
        "zeek.files.mime_type": { "type": "keyword" },
        "zeek.files.missing_bytes": { "type": "long" },
        "zeek.files.overflow_bytes": { "type": "long" },
        "zeek.files.parent_fuid": { "type": "keyword" },
        "zeek.files.rx_hosts": { "type": "ip" },
        "zeek.files.seen_bytes": { "type": "long" },
        "zeek.files.sha1": { "type": "keyword" },
        "zeek.files.sha256": { "type": "keyword" },
        "zeek.files.source": { "type": "keyword" },
        "zeek.files.timedout": { "type": "keyword" },
        "zeek.files.total_bytes": { "type": "long" },
        "zeek.files.tx_hosts": { "type": "ip" },
        "zeek.ftp.arg": { "type": "keyword" },
        "zeek.ftp.command": { "type": "keyword" },
        "zeek.ftp.data_channel_orig_h": { "type": "ip" },
        "zeek.ftp.data_channel_passive": { "type": "keyword" },
        "zeek.ftp.data_channel_resp_h": { "type": "ip" },
        "zeek.ftp.data_channel_resp_p": { "type": "integer" },
        "zeek.ftp.file_size": { "type": "long" },
        "zeek.ftp.mime_type": { "type": "keyword" },
        "zeek.ftp.reply_code": { "type": "short" },
        "zeek.ftp.reply_msg": { "type": "keyword" },
        "zeek.fuid": { "type": "keyword" },
        "zeek.gquic.cyu": { "type": "keyword" },
        "zeek.gquic.cyutags": { "type": "keyword" },
        "zeek.gquic.server_name": { "type": "keyword" },
        "zeek.gquic.tag_count": { "type": "integer" },
        "zeek.gquic.user_agent": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
        "zeek.gquic.version": { "type": "keyword" },
        "zeek.http.host": { "type": "keyword" },
        "zeek.http.info_code": { "type": "short" },
        "zeek.http.info_msg": { "type": "keyword" },
        "zeek.http.method": { "type": "keyword" },
        "zeek.http.orig_filenames": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.http.orig_fuids": { "type": "keyword" },
        "zeek.http.orig_mime_types": { "type": "keyword" },
        "zeek.http.origin": { "type": "keyword" },
        "zeek.http.post_password_plain": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
        "zeek.http.post_username": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
        "zeek.http.proxied": { "type": "keyword" },
        "zeek.http.referrer": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text" } } },
        "zeek.http.request_body_len": { "type": "long" },
        "zeek.http.resp_filenames": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.http.resp_fuids": { "type": "keyword" },
        "zeek.http.resp_mime_types": { "type": "keyword" },
        "zeek.http.response_body_len": { "type": "long" },
        "zeek.http.status_code": { "type": "short" },
        "zeek.http.status_msg": { "type": "keyword", "ignore_above": 1024 },
        "zeek.http.tags": { "type": "keyword" },
        "zeek.http.trans_depth": { "type": "integer" },
        "zeek.http.uri": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text" } } },
        "zeek.http.user_agent": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
        "zeek.http.version": { "type": "keyword" },
        "zeek.intel.cif_confidence": { "type": "float" },
        "zeek.intel.cif_description": { "type": "keyword" },
        "zeek.intel.cif_firstseen": { "type": "keyword" },
        "zeek.intel.cif_lastseen": { "type": "keyword" },
        "zeek.intel.cif_source": { "type": "keyword" },
        "zeek.intel.cif_tags": { "type": "keyword" },
        "zeek.intel.file_description": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.intel.file_mime_type": { "type": "keyword" },
        "zeek.intel.matched": { "type": "keyword" },
        "zeek.intel.seen_indicator": { "type": "keyword" },
        "zeek.intel.seen_indicator_type": { "type": "keyword" },
        "zeek.intel.seen_node": { "type": "keyword" },
        "zeek.intel.seen_where": { "type": "keyword" },
        "zeek.intel.sources": { "type": "keyword" },
        "zeek.ipsec.certificates": { "type": "keyword" },
        "zeek.ipsec.exchange_type": { "type": "integer" },
        "zeek.ipsec.flag_a": { "type": "keyword" },
        "zeek.ipsec.flag_c": { "type": "keyword" },
        "zeek.ipsec.flag_e": { "type": "keyword" },
        "zeek.ipsec.flag_i": { "type": "keyword" },
        "zeek.ipsec.flag_r": { "type": "keyword" },
        "zeek.ipsec.flag_v": { "type": "keyword" },
        "zeek.ipsec.flags": { "type": "keyword" },
        "zeek.ipsec.hash": { "type": "keyword" },
        "zeek.ipsec.initiator_spi": { "type": "keyword" },
        "zeek.ipsec.is_orig": { "type": "keyword" },
        "zeek.ipsec.ke_dh_groups": { "type": "integer" },
        "zeek.ipsec.length": { "type": "integer" },
        "zeek.ipsec.maj_ver": { "type": "integer" },
        "zeek.ipsec.message_id": { "type": "keyword" },
        "zeek.ipsec.min_ver": { "type": "integer" },
        "zeek.ipsec.notify_messages": { "type": "keyword" },
        "zeek.ipsec.proposals": { "type": "integer" },
        "zeek.ipsec.responder_spi": { "type": "keyword" },
        "zeek.ipsec.transform_attributes": { "type": "keyword" },
        "zeek.ipsec.transforms": { "type": "keyword" },
        "zeek.ipsec.vendor_ids": { "type": "keyword" },
        "zeek.irc.addl": { "type": "keyword" },
        "zeek.irc.command": { "type": "keyword" },
        "zeek.irc.dcc_file_name": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.irc.dcc_file_size": { "type": "long" },
        "zeek.irc.dcc_mime_type": { "type": "keyword" },
        "zeek.irc.nick": { "type": "keyword" },
        "zeek.irc.value": { "type": "keyword" },
        "zeek.iso_cotp.pdu_type": { "type": "keyword" },
        "zeek.kerberos.cipher": { "type": "keyword" },
        "zeek.kerberos.client_cert_fuid": { "type": "keyword" },
        "zeek.kerberos.client_cert_subject": { "type": "keyword" },
        "zeek.kerberos.cname": { "type": "keyword" },
        "zeek.kerberos.error_msg": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.kerberos.forwardable": { "type": "keyword" },
        "zeek.kerberos.from": { "type": "date" },
        "zeek.kerberos.renewable": { "type": "keyword" },
        "zeek.kerberos.request_type": { "type": "keyword" },
        "zeek.kerberos.server_cert_fuid": { "type": "keyword" },
        "zeek.kerberos.server_cert_subject": { "type": "keyword" },
        "zeek.kerberos.sname": { "type": "keyword" },
        "zeek.kerberos.success": { "type": "keyword" },
        "zeek.kerberos.till": { "type": "date" },
        "zeek.known_certs.issuer_subject": { "type": "keyword" },
        "zeek.known_certs.serial": { "type": "keyword" },
        "zeek.known_certs.subject": { "type": "keyword" },
        "zeek.known_modbus.device_type": { "type": "keyword" },
        "zeek.ldap.argument": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.ldap.message_id": { "type": "keyword" },
        "zeek.ldap.object": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.ldap.operation": { "type": "keyword" },
        "zeek.ldap.result_code": { "type": "keyword" },
        "zeek.ldap.result_message": { "type": "keyword" },
        "zeek.ldap.version": { "type": "integer" },
        "zeek.ldap_search.attributes": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.ldap_search.base_object": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.ldap_search.deref": { "type": "keyword" },
        "zeek.ldap_search.filter": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.ldap_search.message_id": { "type": "keyword" },
        "zeek.ldap_search.result_code": { "type": "keyword" },
        "zeek.ldap_search.result_count": { "type": "integer" },
        "zeek.ldap_search.result_message": { "type": "keyword" },
        "zeek.ldap_search.scope": { "type": "keyword" },
        "zeek.login.client_user": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
        "zeek.login.confused": { "type": "keyword" },
        "zeek.login.success": { "type": "keyword" },
        "zeek.modbus.exception": { "type": "keyword" },
        "zeek.modbus.func": { "type": "keyword" },
        "zeek.modbus_detailed.address": { "type": "integer" },
        "zeek.modbus_detailed.func": { "type": "keyword" },
        "zeek.modbus_detailed.network_direction": { "type": "keyword" },
        "zeek.modbus_detailed.quantity": { "type": "integer" },
        "zeek.modbus_detailed.unit_id": { "type": "integer" },
        "zeek.modbus_detailed.values": { "type": "keyword" },
        "zeek.modbus_mask_write_register.address": { "type": "integer" },
        "zeek.modbus_mask_write_register.and_mask": { "type": "integer" },
        "zeek.modbus_mask_write_register.func": { "type": "keyword" },
        "zeek.modbus_mask_write_register.network_direction": { "type": "keyword" },
        "zeek.modbus_mask_write_register.or_mask": { "type": "integer" },
        "zeek.modbus_mask_write_register.unit_id": { "type": "integer" },
        "zeek.modbus_read_write_multiple_registers.func": { "type": "keyword" },
        "zeek.modbus_read_write_multiple_registers.network_direction": { "type": "keyword" },
        "zeek.modbus_read_write_multiple_registers.read_quantity": { "type": "integer" },
        "zeek.modbus_read_write_multiple_registers.read_registers": { "type": "keyword" },
        "zeek.modbus_read_write_multiple_registers.read_start_address": { "type": "integer" },
        "zeek.modbus_read_write_multiple_registers.unit_id": { "type": "integer" },
        "zeek.modbus_read_write_multiple_registers.write_registers": { "type": "keyword" },
        "zeek.modbus_read_write_multiple_registers.write_start_address": { "type": "integer" },
        "zeek.mqtt_connect.client_id": { "type": "keyword" },
        "zeek.mqtt_connect.connect_status": { "type": "keyword" },
        "zeek.mqtt_connect.proto_name": { "type": "keyword" },
        "zeek.mqtt_connect.proto_version": { "type": "keyword" },
        "zeek.mqtt_connect.will_payload": { "type": "keyword" },
        "zeek.mqtt_connect.will_topic": { "type": "keyword" },
        "zeek.mqtt_publish.from_client": { "type": "keyword" },
        "zeek.mqtt_publish.payload": { "type": "keyword" },
        "zeek.mqtt_publish.payload_dict.messageType": { "type": "keyword" },
        "zeek.mqtt_publish.payload_len": { "type": "integer" },
        "zeek.mqtt_publish.qos": { "type": "keyword" },
        "zeek.mqtt_publish.retain": { "type": "keyword" },
        "zeek.mqtt_publish.status": { "type": "keyword" },
        "zeek.mqtt_publish.topic": { "type": "keyword" },
        "zeek.mqtt_subscribe.ack": { "type": "keyword" },
        "zeek.mqtt_subscribe.action": { "type": "keyword" },
        "zeek.mqtt_subscribe.granted_qos_level": { "type": "integer" },
        "zeek.mqtt_subscribe.qos_levels": { "type": "integer" },
        "zeek.mqtt_subscribe.topics": { "type": "keyword" },
        "zeek.mysql.arg": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.mysql.cmd": { "type": "keyword" },
        "zeek.mysql.response": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text" } } },
        "zeek.mysql.rows": { "type": "integer" },
        "zeek.mysql.success": { "type": "keyword" },
        "zeek.noise.enc_cookie": { "type": "keyword" },
        "zeek.noise.enc_nothing": { "type": "keyword" },
        "zeek.noise.enc_payload": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.noise.enc_payload_len": { "type": "integer" },
        "zeek.noise.enc_static": { "type": "keyword" },
        "zeek.noise.enc_timestamp": { "type": "keyword" },
        "zeek.noise.mac1": { "type": "keyword" },
        "zeek.noise.mac2": { "type": "keyword" },
        "zeek.noise.msg_type": { "type": "keyword" },
        "zeek.noise.nonce": { "type": "keyword" },
        "zeek.noise.receiver": { "type": "keyword" },
        "zeek.noise.sender": { "type": "keyword" },
        "zeek.noise.unenc_ephemeral": { "type": "keyword" },
        "zeek.notice.actions": { "type": "keyword" },
        "zeek.notice.category": { "type": "keyword" },
        "zeek.notice.dropped": { "type": "keyword" },
        "zeek.notice.dst": { "type": "ip" },
        "zeek.notice.file_desc": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.notice.file_mime_type": { "type": "keyword" },
        "zeek.notice.msg": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.notice.n": { "type": "integer" },
        "zeek.notice.note": { "type": "keyword" },
        "zeek.notice.p": { "type": "integer" },
        "zeek.notice.peer_descr": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.notice.remote_location_city": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text" } } },
        "zeek.notice.remote_location_country_code": { "type": "keyword" },
        "zeek.notice.remote_location_latitude": { "type": "float" },
        "zeek.notice.remote_location_longitude": { "type": "float" },
        "zeek.notice.remote_location_region": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text" } } },
        "zeek.notice.src": { "type": "ip" },
        "zeek.notice.sub": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.notice.sub_category": { "type": "keyword" },
        "zeek.notice.suppress_for": { "type": "float" },
        "zeek.ntlm.domain": { "type": "keyword" },
        "zeek.ntlm.host": { "type": "keyword" },
        "zeek.ntlm.server_dns_computer": { "type": "keyword" },
        "zeek.ntlm.server_nb_computer": { "type": "keyword" },
        "zeek.ntlm.server_tree": { "type": "keyword" },
        "zeek.ntlm.status": { "type": "keyword" },
        "zeek.ntlm.success": { "type": "keyword" },
        "zeek.ntp.mode": { "type": "keyword" },
        "zeek.ntp.mode_str": { "type": "keyword" },
        "zeek.ntp.num_exts": { "type": "integer" },
        "zeek.ntp.org_time": { "type": "date" },
        "zeek.ntp.poll": { "type": "float" },
        "zeek.ntp.precision": { "type": "float" },
        "zeek.ntp.rec_time": { "type": "date" },
        "zeek.ntp.ref_id": { "type": "keyword" },
        "zeek.ntp.ref_time": { "type": "date" },
        "zeek.ntp.root_delay": { "type": "float" },
        "zeek.ntp.root_disp": { "type": "float" },
        "zeek.ntp.stratum": { "type": "keyword" },
        "zeek.ntp.version": { "type": "integer" },
        "zeek.ntp.xmt_time": { "type": "date" },
        "zeek.ocsp.certStatus": { "type": "keyword" },
        "zeek.ocsp.hashAlgorithm": { "type": "keyword" },
        "zeek.ocsp.issuerKeyHash": { "type": "keyword" },
        "zeek.ocsp.issuerNameHash": { "type": "keyword" },
        "zeek.ocsp.nextUpdate": { "type": "date" },
        "zeek.ocsp.revokereason": { "type": "keyword" },
        "zeek.ocsp.revoketime": { "type": "date" },
        "zeek.ocsp.serialNumber": { "type": "keyword" },
        "zeek.ocsp.thisUpdate": { "type": "date" },
        "zeek.opcua_binary.encoding_mask": { "type": "long" },
        "zeek.opcua_binary.endpoint_url": { "type": "keyword" },
        "zeek.opcua_binary.error": { "type": "long" },
        "zeek.opcua_binary.identifier": { "type": "long" },
        "zeek.opcua_binary.identifier_str": { "type": "keyword" },
        "zeek.opcua_binary.is_final": { "type": "keyword" },
        "zeek.opcua_binary.max_chunk_cnt": { "type": "long" },
        "zeek.opcua_binary.max_msg_size": { "type": "long" },
        "zeek.opcua_binary.msg_size": { "type": "long" },
        "zeek.opcua_binary.msg_type": { "type": "keyword" },
        "zeek.opcua_binary.namespace_idx": { "type": "long" },
        "zeek.opcua_binary.opcua_id": { "type": "keyword" },
        "zeek.opcua_binary.rcv_buf_size": { "type": "long" },
        "zeek.opcua_binary.rcv_cert": { "type": "keyword" },
        "zeek.opcua_binary.rcv_cert_len": { "type": "integer" },
        "zeek.opcua_binary.reason": { "type": "keyword" },
        "zeek.opcua_binary.req_hdr_add_hdr_enc_mask": { "type": "long" },
        "zeek.opcua_binary.req_hdr_add_hdr_type_id": { "type": "long" },
        "zeek.opcua_binary.req_hdr_audit_entry_id": { "type": "keyword" },
        "zeek.opcua_binary.req_hdr_node_id_guid": { "type": "keyword" },
        "zeek.opcua_binary.req_hdr_node_id_namespace_idx": { "type": "long" },
        "zeek.opcua_binary.req_hdr_node_id_numeric": { "type": "long" },
        "zeek.opcua_binary.req_hdr_node_id_opaque": { "type": "keyword" },
        "zeek.opcua_binary.req_hdr_node_id_string": { "type": "keyword" },
        "zeek.opcua_binary.req_hdr_node_id_type": { "type": "keyword" },
        "zeek.opcua_binary.req_hdr_request_handle": { "type": "long" },
        "zeek.opcua_binary.req_hdr_return_diag": { "type": "long" },
        "zeek.opcua_binary.req_hdr_timeout_hint": { "type": "date" },
        "zeek.opcua_binary.req_hdr_timestamp": { "type": "date" },
        "zeek.opcua_binary.request_id": { "type": "long" },
        "zeek.opcua_binary.res_hdr_add_hdr_enc_mask": { "type": "long" },
        "zeek.opcua_binary.res_hdr_add_hdr_type_id": { "type": "long" },
        "zeek.opcua_binary.res_hdr_request_handle": { "type": "long" },
        "zeek.opcua_binary.res_hdr_service_diag_encoding": { "type": "long" },
        "zeek.opcua_binary.res_hdr_service_result": { "type": "long" },
        "zeek.opcua_binary.res_hdr_timestamp": { "type": "date" },
        "zeek.opcua_binary.sec_channel_id": { "type": "long" },
        "zeek.opcua_binary.sec_policy_uri": { "type": "keyword" },
        "zeek.opcua_binary.sec_policy_uri_len": { "type": "integer" },
        "zeek.opcua_binary.seq_number": { "type": "long" },
        "zeek.opcua_binary.snd_buf_size": { "type": "long" },
        "zeek.opcua_binary.snd_cert": { "type": "keyword" },
        "zeek.opcua_binary.snd_cert_len": { "type": "integer" },
        "zeek.opcua_binary.version": { "type": "long" },
        "zeek.opcua_binary_diag_info_detail.addl_info": { "type": "keyword" },
        "zeek.opcua_binary_diag_info_detail.has_addl_info": { "type": "keyword" },
        "zeek.opcua_binary_diag_info_detail.has_inner_diag_info": { "type": "keyword" },
        "zeek.opcua_binary_diag_info_detail.has_inner_stat_code": { "type": "keyword" },
        "zeek.opcua_binary_diag_info_detail.has_locale": { "type": "keyword" },
        "zeek.opcua_binary_diag_info_detail.has_locale_txt": { "type": "keyword" },
        "zeek.opcua_binary_diag_info_detail.has_namespace_uri": { "type": "keyword" },
        "zeek.opcua_binary_diag_info_detail.has_symbolic_id": { "type": "keyword" },
        "zeek.opcua_binary_diag_info_detail.inner_diag_level": { "type": "long" },
        "zeek.opcua_binary_diag_info_detail.inner_stat_code": { "type": "keyword" },
        "zeek.opcua_binary_diag_info_detail.locale": { "type": "long" },
        "zeek.opcua_binary_diag_info_detail.locale_str": { "type": "keyword" },
        "zeek.opcua_binary_diag_info_detail.locale_txt": { "type": "long" },
        "zeek.opcua_binary_diag_info_detail.locale_txt_str": { "type": "keyword" },
        "zeek.opcua_binary_diag_info_detail.namespace_uri": { "type": "long" },
        "zeek.opcua_binary_diag_info_detail.namespace_uri_str": { "type": "keyword" },
        "zeek.opcua_binary_diag_info_detail.symbolic_id": { "type": "long" },
        "zeek.opcua_binary_diag_info_detail.symbolic_id_str": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.application_type": { "type": "long" },
        "zeek.opcua_binary_get_endpoints.application_uri": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.cert_size": { "type": "long" },
        "zeek.opcua_binary_get_endpoints.discovery_profile_id": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.encoding_mask": { "type": "long" },
        "zeek.opcua_binary_get_endpoints.endpoint_url": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.gateway_server_uri": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.locale": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.locale_id": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.message_security_mode": { "type": "long" },
        "zeek.opcua_binary_get_endpoints.product_uri": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.profile_uri": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.security_level": { "type": "long" },
        "zeek.opcua_binary_get_endpoints.security_policy_uri": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.server_cert": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.text": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.transport_profile_uri": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints.user_token_id": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints_discovery.discovery_profile_id": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints_discovery.discovery_profile_uri": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints_discovery.discovery_profile_url": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints_user_token.user_token_endpoint_url": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints_user_token.user_token_id": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints_user_token.user_token_issued_type": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints_user_token.user_token_policy_id": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints_user_token.user_token_sec_policy_uri": { "type": "keyword" },
        "zeek.opcua_binary_get_endpoints_user_token.user_token_type": { "type": "long" },
        "zeek.opcua_binary_opensecure_channel.client_nonce": { "type": "keyword" },
        "zeek.opcua_binary_opensecure_channel.client_proto_ver": { "type": "long" },
        "zeek.opcua_binary_opensecure_channel.message_security_mode": { "type": "long" },
        "zeek.opcua_binary_opensecure_channel.req_lifetime": { "type": "long" },
        "zeek.opcua_binary_opensecure_channel.sec_token_created_at": { "type": "date" },
        "zeek.opcua_binary_opensecure_channel.sec_token_id": { "type": "long" },
        "zeek.opcua_binary_opensecure_channel.sec_token_request_type": { "type": "long" },
        "zeek.opcua_binary_opensecure_channel.sec_token_revised_time": { "type": "long" },
        "zeek.opcua_binary_opensecure_channel.sec_token_sec_channel_id": { "type": "long" },
        "zeek.opcua_binary_opensecure_channel.server_nonce": { "type": "keyword" },
        "zeek.opcua_binary_opensecure_channel.server_proto_ver": { "type": "long" },
        "zeek.opcua_binary_status_code_detail.historian_bits": { "type": "long" },
        "zeek.opcua_binary_status_code_detail.historian_bits_str": { "type": "keyword" },
        "zeek.opcua_binary_status_code_detail.historianExtraData": { "type": "keyword" },
        "zeek.opcua_binary_status_code_detail.historianMultiValue": { "type": "keyword" },
        "zeek.opcua_binary_status_code_detail.historianPartial": { "type": "keyword" },
        "zeek.opcua_binary_status_code_detail.info_type": { "type": "long" },
        "zeek.opcua_binary_status_code_detail.info_type_str": { "type": "keyword" },
        "zeek.opcua_binary_status_code_detail.limit_bits": { "type": "long" },
        "zeek.opcua_binary_status_code_detail.limit_bits_str": { "type": "keyword" },
        "zeek.opcua_binary_status_code_detail.overflow": { "type": "keyword" },
        "zeek.opcua_binary_status_code_detail.semantics_changed": { "type": "keyword" },
        "zeek.opcua_binary_status_code_detail.severity": { "type": "long" },
        "zeek.opcua_binary_status_code_detail.severity_str": { "type": "keyword" },
        "zeek.opcua_binary_status_code_detail.source": { "type": "long" },
        "zeek.opcua_binary_status_code_detail.source_str": { "type": "keyword" },
        "zeek.opcua_binary_status_code_detail.status_code": { "type": "keyword" },
        "zeek.opcua_binary_status_code_detail.structure_changed": { "type": "keyword" },
        "zeek.opcua_binary_status_code_detail.sub_code": { "type": "long" },
        "zeek.opcua_binary_status_code_detail.sub_code_str": { "type": "keyword" },
        "zeek.ospf.advert_router": { "type": "ip" },
        "zeek.ospf.area_id": { "type": "ip" },
        "zeek.ospf.backup_router": { "type": "ip" },
        "zeek.ospf.desig_router": { "type": "ip" },
        "zeek.ospf.dest_router_id": { "type": "ip" },
        "zeek.ospf.fwd_addrs": { "type": "ip" },
        "zeek.ospf.interface_id": { "type": "integer" },
        "zeek.ospf.intra_prefixes": { "type": "keyword" },
        "zeek.ospf.link_data": { "type": "ip" },
        "zeek.ospf.link_id": { "type": "ip" },
        "zeek.ospf.link_prefixes": { "type": "keyword" },
        "zeek.ospf.link_state_id": { "type": "ip" },
        "zeek.ospf.link_type": { "type": "keyword" },
        "zeek.ospf.lsa_type": { "type": "keyword" },
        "zeek.ospf.metric": { "type": "integer" },
        "zeek.ospf.metrics": { "type": "long" },
        "zeek.ospf.neighbor_interface_id": { "type": "integer" },
        "zeek.ospf.neighbor_router_id": { "type": "ip" },
        "zeek.ospf.neighbors": { "type": "ip" },
        "zeek.ospf.netmask": { "type": "ip" },
        "zeek.ospf.ospf_type": { "type": "keyword" },
        "zeek.ospf.prefix": { "type": "keyword" },
        "zeek.ospf.route_tags": { "type": "integer" },
        "zeek.ospf.router_id": { "type": "ip" },
        "zeek.ospf.routers": { "type": "ip" },
        "zeek.ospf.version": { "type": "integer" },
        "zeek.pe.compile_ts": { "type": "date" },
        "zeek.pe.has_cert_table": { "type": "keyword" },
        "zeek.pe.has_debug_data": { "type": "keyword" },
        "zeek.pe.has_export_table": { "type": "keyword" },
        "zeek.pe.has_import_table": { "type": "keyword" },
        "zeek.pe.is_64bit": { "type": "keyword" },
        "zeek.pe.is_exe": { "type": "keyword" },
        "zeek.pe.machine": { "type": "keyword" },
        "zeek.pe.os": { "type": "keyword" },
        "zeek.pe.section_names": { "type": "keyword" },
        "zeek.pe.subsystem": { "type": "keyword" },
        "zeek.pe.uses_aslr": { "type": "keyword" },
        "zeek.pe.uses_code_integrity": { "type": "keyword" },
        "zeek.pe.uses_dep": { "type": "keyword" },
        "zeek.pe.uses_seh": { "type": "keyword" },
        "zeek.profinet.block_version": { "type": "keyword" },
        "zeek.profinet.index": { "type": "keyword" },
        "zeek.profinet.operation_type": { "type": "keyword" },
        "zeek.profinet.slot_number": { "type": "integer" },
        "zeek.profinet.subslot_number": { "type": "integer" },
        "zeek.profinet_dce_rpc.activity_uuid": { "type": "keyword" },
        "zeek.profinet_dce_rpc.interface_uuid": { "type": "keyword" },
        "zeek.profinet_dce_rpc.object_uuid": { "type": "keyword" },
        "zeek.profinet_dce_rpc.operation": { "type": "keyword" },
        "zeek.profinet_dce_rpc.packet_type": { "type": "keyword" },
        "zeek.profinet_dce_rpc.server_boot_time": { "type": "integer" },
        "zeek.profinet_dce_rpc.version": { "type": "integer" },
        "zeek.radius.connect_info": { "type": "keyword" },
        "zeek.radius.framed_addr": { "type": "ip" },
        "zeek.radius.mac": { "type": "keyword" },
        "zeek.radius.reply_msg": { "type": "keyword" },
        "zeek.radius.result": { "type": "keyword" },
        "zeek.radius.ttl": { "type": "float" },
        "zeek.radius.tunnel_client": { "type": "keyword" },
        "zeek.rdp.cert_count": { "type": "integer" },
        "zeek.rdp.cert_permanent": { "type": "keyword" },
        "zeek.rdp.cert_type": { "type": "keyword" },
        "zeek.rdp.client_build": { "type": "keyword" },
        "zeek.rdp.client_channels": { "type": "keyword" },
        "zeek.rdp.client_dig_product_id": { "type": "keyword" },
        "zeek.rdp.client_name": { "type": "keyword" },
        "zeek.rdp.cookie": { "type": "keyword" },
        "zeek.rdp.desktop_height": { "type": "integer" },
        "zeek.rdp.desktop_width": { "type": "integer" },
        "zeek.rdp.encryption_level": { "type": "keyword" },
        "zeek.rdp.encryption_method": { "type": "keyword" },
        "zeek.rdp.keyboard_layout": { "type": "keyword" },
        "zeek.rdp.requested_color_depth": { "type": "keyword" },
        "zeek.rdp.result": { "type": "keyword" },
        "zeek.rdp.security_protocol": { "type": "keyword" },
        "zeek.rfb.auth": { "type": "keyword" },
        "zeek.rfb.authentication_method": { "type": "keyword" },
        "zeek.rfb.client_major_version": { "type": "keyword" },
        "zeek.rfb.client_minor_version": { "type": "keyword" },
        "zeek.rfb.desktop_name": { "type": "keyword" },
        "zeek.rfb.height": { "type": "integer" },
        "zeek.rfb.server_major_version": { "type": "keyword" },
        "zeek.rfb.server_minor_version": { "type": "keyword" },
        "zeek.rfb.share_flag": { "type": "keyword" },
        "zeek.rfb.width": { "type": "integer" },
        "zeek.s7comm.data_info": { "type": "keyword" },
        "zeek.s7comm.item_count": { "type": "integer" },
        "zeek.s7comm.parameter": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.s7comm.parameters.class": { "type": "keyword" },
        "zeek.s7comm.parameters.code": { "type": "keyword" },
        "zeek.s7comm.parameters.group": { "type": "keyword" },
        "zeek.s7comm.parameters.mode": { "type": "keyword" },
        "zeek.s7comm.parameters.sub": { "type": "keyword" },
        "zeek.s7comm.parameters.type": { "type": "keyword" },
        "zeek.s7comm.rosctr": { "type": "keyword" },
        "zeek.signatures.engine": { "type": "keyword" },
        "zeek.signatures.event_message": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.signatures.hits": { "type": "nested" },
        "zeek.signatures.host_count": { "type": "integer" },
        "zeek.signatures.note": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.signatures.signature_count": { "type": "integer" },
        "zeek.signatures.signature_id": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.signatures.sub_message": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.sip.call_id": { "type": "keyword" },
        "zeek.sip.content_type": { "type": "keyword" },
        "zeek.sip.date": { "type": "keyword" },
        "zeek.sip.method": { "type": "keyword" },
        "zeek.sip.reply_to": { "type": "keyword" },
        "zeek.sip.request_body_len": { "type": "integer" },
        "zeek.sip.request_from": { "type": "keyword" },
        "zeek.sip.request_path": { "type": "keyword" },
        "zeek.sip.request_to": { "type": "keyword" },
        "zeek.sip.response_body_len": { "type": "integer" },
        "zeek.sip.response_from": { "type": "keyword" },
        "zeek.sip.response_path": { "type": "keyword" },
        "zeek.sip.response_to": { "type": "keyword" },
        "zeek.sip.seq": { "type": "keyword" },
        "zeek.sip.status_code": { "type": "short" },
        "zeek.sip.status_msg": { "type": "keyword" },
        "zeek.sip.subject": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.sip.trans_depth": { "type": "integer" },
        "zeek.sip.uri": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text" } } },
        "zeek.sip.user_agent": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
        "zeek.sip.version": { "type": "keyword" },
        "zeek.sip.warning": { "type": "keyword" },
        "zeek.smb_cmd.argument": { "type": "keyword" },
        "zeek.smb_cmd.command": { "type": "keyword" },
        "zeek.smb_cmd.rtt": { "type": "float" },
        "zeek.smb_cmd.status": { "type": "keyword" },
        "zeek.smb_cmd.sub_command": { "type": "keyword" },
        "zeek.smb_cmd.tree": { "type": "keyword" },
        "zeek.smb_cmd.tree_service": { "type": "keyword" },
        "zeek.smb_cmd.user": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
        "zeek.smb_cmd.version": { "type": "keyword" },
        "zeek.smb_files.action": { "type": "keyword" },
        "zeek.smb_files.data_len_req": { "type": "long" },
        "zeek.smb_files.data_len_rsp": { "type": "long" },
        "zeek.smb_files.data_offset_req": { "type": "long" },
        "zeek.smb_files.name": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.smb_files.path": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.smb_files.prev_name": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.smb_files.size": { "type": "long" },
        "zeek.smb_files.times_accessed": { "type": "date" },
        "zeek.smb_files.times_changed": { "type": "date" },
        "zeek.smb_files.times_created": { "type": "date" },
        "zeek.smb_files.times_modified": { "type": "date" },
        "zeek.smb_files.ts": { "type": "date" },
        "zeek.smb_mapping.native_file_system": { "type": "keyword" },
        "zeek.smb_mapping.path": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.smb_mapping.resource_type": { "type": "keyword" },
        "zeek.smb_mapping.share_type": { "type": "keyword" },
        "zeek.smtp.cc": { "type": "keyword" },
        "zeek.smtp.date": { "type": "keyword" },
        "zeek.smtp.first_received": { "type": "keyword" },
        "zeek.smtp.from": { "type": "keyword" },
        "zeek.smtp.helo": { "type": "keyword" },
        "zeek.smtp.in_reply_to": { "type": "keyword" },
        "zeek.smtp.is_webmail": { "type": "keyword" },
        "zeek.smtp.last_reply": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.smtp.last_reply_code": { "type": "keyword" },
        "zeek.smtp.last_reply_msg": { "type": "keyword" },
        "zeek.smtp.mailfrom": { "type": "keyword" },
        "zeek.smtp.msg_id": { "type": "keyword" },
        "zeek.smtp.path": { "type": "ip" },
        "zeek.smtp.rcptto": { "type": "keyword" },
        "zeek.smtp.reply_to": { "type": "keyword" },
        "zeek.smtp.second_received": { "type": "keyword" },
        "zeek.smtp.subject": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.smtp.tls": { "type": "keyword" },
        "zeek.smtp.to": { "type": "keyword" },
        "zeek.smtp.trans_depth": { "type": "integer" },
        "zeek.smtp.user_agent": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
        "zeek.smtp.x_originating_ip": { "type": "ip" },
        "zeek.snmp.community": { "type": "keyword" },
        "zeek.snmp.display_string": { "type": "keyword" },
        "zeek.snmp.duration": { "type": "float" },
        "zeek.snmp.get_bulk_requests": { "type": "integer" },
        "zeek.snmp.get_requests": { "type": "integer" },
        "zeek.snmp.get_responses": { "type": "integer" },
        "zeek.snmp.set_requests": { "type": "integer" },
        "zeek.snmp.up_since": { "type": "date" },
        "zeek.snmp.version": { "type": "keyword" },
        "zeek.socks.bound_host": { "type": "ip" },
        "zeek.socks.bound_name": { "type": "keyword" },
        "zeek.socks.bound_port": { "type": "integer" },
        "zeek.socks.request_host": { "type": "ip" },
        "zeek.socks.request_name": { "type": "keyword" },
        "zeek.socks.request_port": { "type": "integer" },
        "zeek.socks.server_status": { "type": "keyword" },
        "zeek.socks.version": { "type": "integer" },
        "zeek.software.name": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
        "zeek.software.software_type": { "type": "keyword" },
        "zeek.software.unparsed_version": { "type": "keyword", "ignore_above": 1024 },
        "zeek.software.version_addl": { "type": "keyword", "ignore_above": 1024 },
        "zeek.software.version_major": { "type": "integer" },
        "zeek.software.version_minor": { "type": "integer" },
        "zeek.software.version_minor2": { "type": "integer" },
        "zeek.software.version_minor3": { "type": "integer" },
        "zeek.ssh.auth_attempts": { "type": "integer" },
        "zeek.ssh.auth_success": { "type": "keyword" },
        "zeek.ssh.cipher_alg": { "type": "keyword" },
        "zeek.ssh.client": { "type": "keyword" },
        "zeek.ssh.compression_alg": { "type": "keyword" },
        "zeek.ssh.cshka": { "type": "keyword" },
        "zeek.ssh.direction": { "type": "keyword" },
        "zeek.ssh.hassh": { "type": "keyword" },
        "zeek.ssh.hasshAlgorithms": { "type": "keyword" },
        "zeek.ssh.hasshServer": { "type": "keyword" },
        "zeek.ssh.hasshServerAlgorithms": { "type": "keyword" },
        "zeek.ssh.hasshVersion": { "type": "keyword" },
        "zeek.ssh.host_key": { "type": "keyword" },
        "zeek.ssh.host_key_alg": { "type": "keyword" },
        "zeek.ssh.kex_alg": { "type": "keyword" },
        "zeek.ssh.mac_alg": { "type": "keyword" },
        "zeek.ssh.remote_location_city": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text" } } },
        "zeek.ssh.remote_location_country_code": { "type": "keyword" },
        "zeek.ssh.remote_location_latitude": { "type": "float" },
        "zeek.ssh.remote_location_longitude": { "type": "float" },
        "zeek.ssh.remote_location_region": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text" } } },
        "zeek.ssh.server": { "type": "keyword" },
        "zeek.ssh.sshka": { "type": "keyword" },
        "zeek.ssh.version": { "type": "integer" },
        "zeek.ssl.cert_chain_fps": { "type": "keyword" },
        "zeek.ssl.cert_chain_fuids": { "type": "keyword" },
        "zeek.ssl.cipher": { "type": "keyword" },
        "zeek.ssl.client_cert_chain_fps": { "type": "keyword" },
        "zeek.ssl.client_cert_chain_fuids": { "type": "keyword" },
        "zeek.ssl.client_issuer.C": { "type": "keyword" },
        "zeek.ssl.client_issuer.CN": { "type": "keyword" },
        "zeek.ssl.client_issuer.DC": { "type": "keyword" },
        "zeek.ssl.client_issuer.emailAddress": { "type": "keyword" },
        "zeek.ssl.client_issuer.GN": { "type": "keyword" },
        "zeek.ssl.client_issuer.initials": { "type": "keyword" },
        "zeek.ssl.client_issuer.L": { "type": "keyword" },
        "zeek.ssl.client_issuer.O": { "type": "keyword" },
        "zeek.ssl.client_issuer.OU": { "type": "keyword" },
        "zeek.ssl.client_issuer.pseudonym": { "type": "keyword" },
        "zeek.ssl.client_issuer.serialNumber": { "type": "keyword" },
        "zeek.ssl.client_issuer.SN": { "type": "keyword" },
        "zeek.ssl.client_issuer.ST": { "type": "keyword" },
        "zeek.ssl.client_issuer.title": { "type": "keyword" },
        "zeek.ssl.client_issuer_full": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.ssl.client_subject.C": { "type": "keyword" },
        "zeek.ssl.client_subject.CN": { "type": "keyword" },
        "zeek.ssl.client_subject.emailAddress": { "type": "keyword" },
        "zeek.ssl.client_subject.GN": { "type": "keyword" },
        "zeek.ssl.client_subject.initials": { "type": "keyword" },
        "zeek.ssl.client_subject.L": { "type": "keyword" },
        "zeek.ssl.client_subject.O": { "type": "keyword" },
        "zeek.ssl.client_subject.OU": { "type": "keyword" },
        "zeek.ssl.client_subject.pseudonym": { "type": "keyword" },
        "zeek.ssl.client_subject.serialNumber": { "type": "keyword" },
        "zeek.ssl.client_subject.SN": { "type": "keyword" },
        "zeek.ssl.client_subject.ST": { "type": "keyword" },
        "zeek.ssl.client_subject.title": { "type": "keyword" },
        "zeek.ssl.client_subject_full": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.ssl.curve": { "type": "keyword" },
        "zeek.ssl.established": { "type": "keyword" },
        "zeek.ssl.issuer.C": { "type": "keyword" },
        "zeek.ssl.issuer.CN": { "type": "keyword" },
        "zeek.ssl.issuer.DC": { "type": "keyword" },
        "zeek.ssl.issuer.emailAddress": { "type": "keyword" },
        "zeek.ssl.issuer.GN": { "type": "keyword" },
        "zeek.ssl.issuer.initials": { "type": "keyword" },
        "zeek.ssl.issuer.L": { "type": "keyword" },
        "zeek.ssl.issuer.O": { "type": "keyword" },
        "zeek.ssl.issuer.OU": { "type": "keyword" },
        "zeek.ssl.issuer.pseudonym": { "type": "keyword" },
        "zeek.ssl.issuer.serialNumber": { "type": "keyword" },
        "zeek.ssl.issuer.SN": { "type": "keyword" },
        "zeek.ssl.issuer.ST": { "type": "keyword" },
        "zeek.ssl.issuer.title": { "type": "keyword" },
        "zeek.ssl.issuer_full": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.ssl.ja3": { "type": "keyword" },
        "zeek.ssl.ja3s": { "type": "keyword" },
        "zeek.ssl.last_alert": { "type": "keyword" },
        "zeek.ssl.next_protocol": { "type": "keyword" },
        "zeek.ssl.resumed": { "type": "keyword" },
        "zeek.ssl.server_name": { "type": "keyword" },
        "zeek.ssl.sni_matches_cert": { "type": "keyword" },
        "zeek.ssl.ssl_history": { "type": "keyword" },
        "zeek.ssl.ssl_version": { "type": "keyword" },
        "zeek.ssl.subject.C": { "type": "keyword" },
        "zeek.ssl.subject.CN": { "type": "keyword" },
        "zeek.ssl.subject.description": { "type": "keyword" },
        "zeek.ssl.subject.emailAddress": { "type": "keyword" },
        "zeek.ssl.subject.GN": { "type": "keyword" },
        "zeek.ssl.subject.initials": { "type": "keyword" },
        "zeek.ssl.subject.L": { "type": "keyword" },
        "zeek.ssl.subject.O": { "type": "keyword" },
        "zeek.ssl.subject.OU": { "type": "keyword" },
        "zeek.ssl.subject.postalCode": { "type": "keyword" },
        "zeek.ssl.subject.pseudonym": { "type": "keyword" },
        "zeek.ssl.subject.serialNumber": { "type": "keyword" },
        "zeek.ssl.subject.SN": { "type": "keyword" },
        "zeek.ssl.subject.ST": { "type": "keyword" },
        "zeek.ssl.subject.street": { "type": "keyword" },
        "zeek.ssl.subject.title": { "type": "keyword" },
        "zeek.ssl.subject_full": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.ssl.validation_status": { "type": "keyword" },
        "zeek.stun.attr_type": { "type": "keyword" },
        "zeek.stun.attr_val": { "type": "keyword", "ignore_above": 128, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.stun.class": { "type": "keyword" },
        "zeek.stun.is_orig": { "type": "keyword" },
        "zeek.stun.method": { "type": "keyword" },
        "zeek.stun.trans_id": { "type": "keyword" },
        "zeek.stun_nat.is_orig": { "type": "keyword" },
        "zeek.stun_nat.lan_addr": { "type": "keyword" },
        "zeek.stun_nat.wan_addr": { "type": "ip" },
        "zeek.stun_nat.wan_port": { "type": "integer" },
        "zeek.syslog.facility": { "type": "keyword" },
        "zeek.syslog.message": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.syslog.severity": { "type": "keyword" },
        "zeek.tds.command": { "type": "keyword" },
        "zeek.tds_rpc.parameter": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.tds_rpc.parameters": { "type": "nested" },
        "zeek.tds_rpc.procedure_name": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.tds_sql_batch.header_type": { "type": "keyword" },
        "zeek.tds_sql_batch.query": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text" } } },
        "zeek.tftp.block_acked": { "type": "integer" },
        "zeek.tftp.block_sent": { "type": "integer" },
        "zeek.tftp.error_code": { "type": "integer" },
        "zeek.tftp.error_msg": { "type": "keyword" },
        "zeek.tftp.fname": { "type": "keyword" },
        "zeek.tftp.mode": { "type": "keyword" },
        "zeek.tftp.size": { "type": "integer" },
        "zeek.tftp.uid_data": { "type": "keyword" },
        "zeek.tftp.wrq": { "type": "keyword" },
        "zeek.ts": { "type": "date" },
        "zeek.tunnel.action": { "type": "keyword" },
        "zeek.tunnel.tunnel_type": { "type": "keyword" },
        "zeek.uid": { "type": "keyword" },
        "zeek.weird.addl": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text", "norms": false } } },
        "zeek.weird.name": { "type": "keyword" },
        "zeek.weird.notice": { "type": "keyword" },
        "zeek.weird.peer": { "type": "keyword" },
        "zeek.wireguard.established": { "type": "keyword" },
        "zeek.wireguard.initiations": { "type": "integer" },
        "zeek.wireguard.receiver_index": { "type": "keyword" },
        "zeek.wireguard.responses": { "type": "integer" },
        "zeek.wireguard.sender_index": { "type": "keyword" },
        "zeek.x509.basic_constraints_ca": { "type": "keyword" },
        "zeek.x509.basic_constraints_path_len": { "type": "integer" },
        "zeek.x509.certificate_curve": { "type": "keyword" },
        "zeek.x509.certificate_exponent": { "type": "keyword" },
        "zeek.x509.certificate_issuer.C": { "type": "keyword" },
        "zeek.x509.certificate_issuer.CN": { "type": "keyword" },
        "zeek.x509.certificate_issuer.DC": { "type": "keyword" },
        "zeek.x509.certificate_issuer.emailAddress": { "type": "keyword" },
        "zeek.x509.certificate_issuer.GN": { "type": "keyword" },
        "zeek.x509.certificate_issuer.initials": { "type": "keyword" },
        "zeek.x509.certificate_issuer.L": { "type": "keyword" },
        "zeek.x509.certificate_issuer.O": { "type": "keyword" },
        "zeek.x509.certificate_issuer.OU": { "type": "keyword" },
        "zeek.x509.certificate_issuer.pseudonym": { "type": "keyword" },
        "zeek.x509.certificate_issuer.serialNumber": { "type": "keyword" },
        "zeek.x509.certificate_issuer.SN": { "type": "keyword" },
        "zeek.x509.certificate_issuer.ST": { "type": "keyword" },
        "zeek.x509.certificate_issuer.title": { "type": "keyword" },
        "zeek.x509.certificate_issuer_full": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.x509.certificate_key_alg": { "type": "keyword" },
        "zeek.x509.certificate_key_length": { "type": "integer" },
        "zeek.x509.certificate_key_type": { "type": "keyword" },
        "zeek.x509.certificate_not_valid_after": { "type": "date" },
        "zeek.x509.certificate_not_valid_before": { "type": "date" },
        "zeek.x509.certificate_serial": { "type": "keyword" },
        "zeek.x509.certificate_sig_alg": { "type": "keyword" },
        "zeek.x509.certificate_subject.C": { "type": "keyword" },
        "zeek.x509.certificate_subject.CN": { "type": "keyword" },
        "zeek.x509.certificate_subject.DC": { "type": "keyword" },
        "zeek.x509.certificate_subject.description": { "type": "keyword" },
        "zeek.x509.certificate_subject.emailAddress": { "type": "keyword" },
        "zeek.x509.certificate_subject.GN": { "type": "keyword" },
        "zeek.x509.certificate_subject.initials": { "type": "keyword" },
        "zeek.x509.certificate_subject.L": { "type": "keyword" },
        "zeek.x509.certificate_subject.O": { "type": "keyword" },
        "zeek.x509.certificate_subject.OU": { "type": "keyword" },
        "zeek.x509.certificate_subject.postalCode": { "type": "keyword" },
        "zeek.x509.certificate_subject.pseudonym": { "type": "keyword" },
        "zeek.x509.certificate_subject.serialNumber": { "type": "keyword" },
        "zeek.x509.certificate_subject.SN": { "type": "keyword" },
        "zeek.x509.certificate_subject.ST": { "type": "keyword" },
        "zeek.x509.certificate_subject.street": { "type": "keyword" },
        "zeek.x509.certificate_subject.title": { "type": "keyword" },
        "zeek.x509.certificate_subject_full": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.x509.certificate_version": { "type": "integer" },
        "zeek.x509.client_cert": { "type": "keyword" },
        "zeek.x509.fingerprint": { "type": "keyword" },
        "zeek.x509.host_cert": { "type": "keyword" },
        "zeek.x509.san_dns": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
        "zeek.x509.san_email": { "type": "keyword" },
        "zeek.x509.san_ip": { "type": "ip" },
        "zeek.x509.san_uri": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text" } } }
      }
    }
  }
}