artifacts

docs/field-details.asciidoc

@@ -1773,7 +1773,7 @@ example: `apache`
 
 This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type.
 
-type: wildcard
+type: keyword
 
 
 

generated/beats/fields.ecs.yml

@@ -1330,7 +1330,8 @@
       example: apache
     - name: original
       level: core
-      type: wildcard
+      type: keyword
+      ignore_above: 1024
       description: 'Raw text message of entire event. Used to demonstrate log integrity.
 
         This field is not indexed and doc_values are disabled. It cannot be searched,

generated/csv/fields.csv

@@ -150,7 +150,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 2.0.0-dev,true,event,event.ingested,date,core,,2016-05-23T08:05:35.101Z,Timestamp when an event arrived in the central data store.
 2.0.0-dev,true,event,event.kind,keyword,core,,alert,The kind of the event. The highest categorization field in the hierarchy.
 2.0.0-dev,true,event,event.module,keyword,core,,apache,Name of the module this data is coming from.
-2.0.0-dev,false,event,event.original,wildcard,core,,Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232,Raw text message of entire event.
+2.0.0-dev,false,event,event.original,keyword,core,,Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232,Raw text message of entire event.
 2.0.0-dev,true,event,event.outcome,keyword,core,,success,The outcome of the event. The lowest level categorization field in the hierarchy.
 2.0.0-dev,true,event,event.provider,keyword,extended,,kernel,Source of the event.
 2.0.0-dev,true,event,event.reason,keyword,extended,,Terminated an unexpected process,"Reason why this event happened, according to the source"

generated/ecs/ecs_flat.yml

@@ -2059,12 +2059,13 @@ event.original:
   example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100|
     worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232
   flat_name: event.original
+  ignore_above: 1024
   index: false
   level: core
   name: original
   normalize: []
   short: Raw text message of entire event.
-  type: wildcard
+  type: keyword
 event.outcome:
   allowed_values:
   - description: Indicates that this event describes a failed result. A common example

generated/ecs/ecs_nested.yml

@@ -2457,12 +2457,13 @@ event:
       example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100|
         worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232
       flat_name: event.original
+      ignore_above: 1024
       index: false
       level: core
       name: original
       normalize: []
       short: Raw text message of entire event.
-      type: wildcard
+      type: keyword
     event.outcome:
       allowed_values:
       - description: Indicates that this event describes a failed result. A common

generated/elasticsearch/6/template.json

@@ -710,8 +710,9 @@
             },
             "original": {
               "doc_values": false,
+              "ignore_above": 1024,
               "index": false,
-              "type": "wildcard"
+              "type": "keyword"
             },
             "outcome": {
               "ignore_above": 1024,

generated/elasticsearch/7/template.json

@@ -709,8 +709,9 @@
           },
           "original": {
             "doc_values": false,
+            "ignore_above": 1024,
             "index": false,
-            "type": "wildcard"
+            "type": "keyword"
           },
           "outcome": {
             "ignore_above": 1024,