我的书签
添加书签
移除书签Mappings APIs
The following APIs can be used for a number of tasks related to mappings, from creating to getting and updating mappings.
Get Mappings View
Example request
GET /_plugins/_security_analytics/mappings/view{"index_name": "windows","rule_topic": "windows"}
Example response
{"properties": {"windows-event_data-CommandLine": {"path": "CommandLine","type": "alias"},"event_uid": {"path": "EventID","type": "alias"}},"unmapped_index_fields": ["windows-event_data-CommandLine","unmapped_HiveName","src_ip","sha1","processPath","CallerProcessName","CallTrace","AuthenticationPackageName","AuditSourceName","AuditPolicyChanges","AttributeValue","AttributeLDAPDisplayName","ApplicationPath","Application","AllowedToDelegateTo","Address","Action","AccountType","AccountName","Accesses","AccessMask","AccessList"]}
Create Mappings
Example request
POST /_plugins/_security_analytics/mappings{"index_name": "windows","rule_topic": "windows","partial": true,"alias_mappings": {"properties": {"event_uid": {"type": "alias","path": "EventID"}}}}
Example response
{"acknowledged": true}
Get Mappings
Example request
GET /_plugins/_security_analytics/mappings
Example response
{"windows": {"mappings": {"properties": {"windows-event_data-CommandLine": {"type": "alias","path": "CommandLine"},"event_uid": {"type": "alias","path": "EventID"}}}}}
Update Mappings
Example request
PUT /_plugins/_security_analytics/mappings{"index_name": "windows","field": "CommandLine","alias": "windows-event_data-CommandLine"}
Example response
{"acknowledged": true}
当前内容版权归 OpenSearch 或其关联方所有,如需对内容或内容相关联开源项目进行关注与资助,请访问 OpenSearch .
