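Here's the Elasticsearch index template. It applies to indices matching `mylogs*` and sets `"dynamic": "strict"` on `mytype`, so a document containing any field not listed under `properties` is rejected instead of being mapped automatically: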
{
"template": "mylogs*",
"settings":
{
"number_of_shards": 2,
"mapper":
{
"dynamic": "false"
}
},
"mappings":
{
"mytype":
{
"dynamic": "strict",
"properties":
{
"beat":
{
"type": "nested",
"properties":
{
"hostname": { "type": "keyword" },
"name": { "type": "keyword" }
}
},
"log_level" : { "type": "keyword" },
"logsource" : { "type": "keyword" },
"logtimestamp" : { "type": "date" },
"message":
{
"type": "text",
"fields" :
{
"raw": { "type": "keyword" }
}
},
"method" : { "type": "keyword" },
"source" : { "type": "text" }
}
}
}
}