metron-commits mailing list archives

From rmerri...@apache.org
Subject [1/2] metron git commit: METRON-1464 Convert schemas to be compatible with Solr 5.5.2 (merrimanr) closes apache/metron#945
Date Thu, 08 Mar 2018 17:53:19 GMT
Repository: metron
Updated Branches:
  refs/heads/feature/METRON-1416-upgrade-solr 84cac7e85 -> a7a41a55a


http://git-wip-us.apache.org/repos/asf/metron/blob/a7a41a55/metron-platform/metron-solr/src/main/config/schema/metaalert/managed-schema
----------------------------------------------------------------------
diff --git a/metron-platform/metron-solr/src/main/config/schema/metaalert/managed-schema b/metron-platform/metron-solr/src/main/config/schema/metaalert/managed-schema
deleted file mode 100644
index 2138a92..0000000
--- a/metron-platform/metron-solr/src/main/config/schema/metaalert/managed-schema
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements.  See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License.  You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<schema name="metaalert_doc" version="1.6">
-  <field name="_version_" type="plong" indexed="false" stored="false"/>
-  <field name="_root_" type="string" indexed="true" stored="false" docValues="false" />
-  <field name="guid" type="string" indexed="true" stored="true" required="true" multiValued="false"
/>
-  <field name="score" type="string" indexed="true" stored="true" />
-  <field name="status" type="string" indexed="true" stored="true" />
-  <field name="timestamp" type="timestamp" indexed="true" stored="true" />
-  <field name="source.type" type="string" indexed="true" stored="true" />
-  <dynamicField name="alert.*" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*score" type="pfloat" multiValued="false" docValues="true"/>
-  <dynamicField name="*" type="ignored" multiValued="false" docValues="true"/>
-  <uniqueKey>guid</uniqueKey>
-  <fieldType name="string" stored="true" indexed="true" multiValued="false" class="solr.StrField"
sortMissingLast="true" docValues="false"/>
-  <fieldType name="boolean" stored="true" indexed="true" multiValued="false" class="solr.BoolField"
sortMissingLast="true" docValues="false"/>
-  <fieldType name="pint" stored="true" indexed="true" multiValued="false" class="solr.IntPointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="pfloat" stored="true" indexed="true" multiValued="false" class="solr.FloatPointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="plong" stored="true" indexed="true" multiValued="false" class="solr.LongPointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="pdouble" stored="true" indexed="true" multiValued="false" class="solr.DoublePointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="bytes" stored="true" indexed="true" multiValued="false" class="solr.BinaryField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="location" stored="true" indexed="true" multiValued="false" class="solr.LatLonPointSpatialField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="ip" stored="true" indexed="true" multiValued="false" class="solr.StrField"
sortMissingLast="true" docValues="false"/>
-  <fieldType name="timestamp" stored="true" indexed="true" multiValued="false" class="solr.LongPointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="ignored" stored="true" indexed="true" multiValued="true" class="solr.StrField"
sortMissingLast="false" docValues="false"/>
-</schema>

http://git-wip-us.apache.org/repos/asf/metron/blob/a7a41a55/metron-platform/metron-solr/src/main/config/schema/metaalert/schema.xml
----------------------------------------------------------------------
diff --git a/metron-platform/metron-solr/src/main/config/schema/metaalert/schema.xml b/metron-platform/metron-solr/src/main/config/schema/metaalert/schema.xml
new file mode 100644
index 0000000..e36c71e
--- /dev/null
+++ b/metron-platform/metron-solr/src/main/config/schema/metaalert/schema.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<schema name="metaalert_doc" version="1.6">
+  <field name="_version_" type="plong" indexed="true" stored="true"/>
+  <field name="_root_" type="string" indexed="true" stored="false" docValues="false" />
+  <field name="guid" type="string" indexed="true" stored="true" required="true" multiValued="false"
/>
+  <field name="score" type="string" indexed="true" stored="true" />
+  <field name="status" type="string" indexed="true" stored="true" />
+  <field name="timestamp" type="timestamp" indexed="true" stored="true" />
+  <field name="source.type" type="string" indexed="true" stored="true" />
+  <dynamicField name="alert.*" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*score" type="pfloat" multiValued="false" docValues="true"/>
+  <dynamicField name="*" type="ignored" multiValued="false" docValues="true"/>
+  <uniqueKey>guid</uniqueKey>
+  <fieldType name="string" stored="true" indexed="true" multiValued="false" class="solr.StrField"
sortMissingLast="true" docValues="false"/>
+  <fieldType name="boolean" stored="true" indexed="true" multiValued="false" class="solr.BoolField"
sortMissingLast="true" docValues="false"/>
+  <fieldType name="pint" stored="true" indexed="true" multiValued="false" class="solr.TrieIntField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="pfloat" stored="true" indexed="true" multiValued="false" class="solr.TrieFloatField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="plong" stored="true" indexed="true" multiValued="false" class="solr.TrieLongField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="pdouble" stored="true" indexed="true" multiValued="false" class="solr.TrieDoubleField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="bytes" stored="true" indexed="true" multiValued="false" class="solr.BinaryField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="location" class="solr.LatLonType" subFieldSuffix="_coordinate"/>
+  <fieldType name="ip" stored="true" indexed="true" multiValued="false" class="solr.StrField"
sortMissingLast="true" docValues="false"/>
+  <fieldType name="timestamp" stored="true" indexed="true" multiValued="false" class="solr.TrieLongField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="ignored" stored="true" indexed="true" multiValued="true" class="solr.StrField"
sortMissingLast="false" docValues="false"/>
+</schema>
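Review bot: The catch-all `<dynamicField name="*" type="ignored" .../>` does not ignore anything, because the `ignored` fieldType at the end of this schema is declared `stored="true" indexed="true"`, so every field name not listed above is indexed and stored as a string. The dynamicField also sets `multiValued="false"`, so a document carrying an unknown multi-valued field would presumably be rejected at index time rather than having that field skipped. If dropping is the intent, declare the type as `<fieldType name="ignored" class="solr.StrField" stored="false" indexed="false" docValues="false" multiValued="true"/>` and remove the `multiValued`/`docValues` overrides on `*`; if keeping unknown fields is the intent, rename the type so the name matches the behaviour. The same pair of lines appears in the snort and yaf schema.xml hunks, where the comment above the catch-all says unknown fields get dropped.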

http://git-wip-us.apache.org/repos/asf/metron/blob/a7a41a55/metron-platform/metron-solr/src/main/config/schema/snort/managed-schema
----------------------------------------------------------------------
diff --git a/metron-platform/metron-solr/src/main/config/schema/snort/managed-schema b/metron-platform/metron-solr/src/main/config/schema/snort/managed-schema
deleted file mode 100644
index 2cdf3ab..0000000
--- a/metron-platform/metron-solr/src/main/config/schema/snort/managed-schema
+++ /dev/null
@@ -1,86 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements.  See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License.  You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<schema name="snort_doc" version="1.6">
-  <field name="_version_" type="plong" indexed="false" stored="false"/>
-  <field name="_root_" type="string" indexed="true" stored="false" docValues="false" />
-
-  <!-- Metron specific fields -->
-  <field name="timestamp" type="timestamp" indexed="true" stored="true" />
-  <field name="source.type" type="string" indexed="true" stored="true" />
-  <field name="guid" type="string" indexed="true" stored="true" required="true" multiValued="false"
/>
-  <uniqueKey>guid</uniqueKey>
-
-  <!-- Source/Destination information -->
-  <field name="ip_dst_addr" type="ip" indexed="true" stored="true" />
-  <field name="ip_dst_port" type="pint" indexed="true" stored="true" />
-  <field name="ip_src_addr" type="ip" indexed="true" stored="true" />
-  <field name="ip_src_port" type="pint" indexed="true" stored="true" />
-
-  <!-- Snort specific fields -->
-  <field name="dgmlen" type="pint" indexed="true" stored="true" />
-  <field name="ethdst" type="string" indexed="true" stored="true" />
-  <field name="ethlen" type="string" indexed="true" stored="true" />
-  <field name="ethsrc" type="string" indexed="true" stored="true" />
-  <field name="id" type="pint" indexed="true" stored="true" />
-  <field name="iplen" type="pint" indexed="true" stored="true" />
-  <field name="msg" type="string" indexed="true" stored="true" />
-  <field name="protocol" type="string" indexed="true" stored="true" />
-  <field name="sig_generator" type="string" indexed="true" stored="true" />
-  <field name="sig_id" type="pint" indexed="true" stored="true" />
-  <field name="sig_rev" type="string" indexed="true" stored="true" />
-  <field name="tcpack" type="string" indexed="true" stored="true" />
-  <field name="tcpflags" type="string" indexed="true" stored="true" />
-  <field name="tcpseq" type="string" indexed="true" stored="true" />
-  <field name="tcpwindow" type="string" indexed="true" stored="true" />
-  <field name="tos" type="pint" indexed="true" stored="true" />
-  <field name="ttl" type="pint" indexed="true" stored="true" />
-
-  <!-- Geo Enrichment Fields -->
-  <dynamicField name="*.location_point" type="location" multiValued="false" docValues="true"/>
-  <dynamicField name="*.country" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*.city" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*.locID" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*.dmaCode" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*.postalCode" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*.latitude" type="pfloat" multiValued="false" docValues="true"/>
-  <dynamicField name="*.longitude" type="pfloat" multiValued="false" docValues="true"/>
-
-  <!-- Performance Debugging Fields -->
-  <dynamicField name="*.ts" type="timestamp" multiValued="false" docValues="true"/>
-
-  <!-- Threat Intel Scoring Fields -->
-  <field name="is_alert" type="boolean" indexed="true" stored="true" />
-  <dynamicField name="*score" type="pfloat" multiValued="false" docValues="true"/>
-  <dynamicField name="*.reason" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*.name" type="string" multiValued="false" docValues="true"/>
-
-  <!-- Catch all, if we don't know about it, it gets dropped. -->
-  <dynamicField name="*" type="ignored" multiValued="false" docValues="true"/>
-
-  <!-- Type Definitions -->
-  <fieldType name="string" stored="true" indexed="true" multiValued="false" class="solr.StrField"
sortMissingLast="true" docValues="false"/>
-  <fieldType name="boolean" stored="true" indexed="true" multiValued="false" class="solr.BoolField"
sortMissingLast="true" docValues="false"/>
-  <fieldType name="pint" stored="true" indexed="true" multiValued="false" class="solr.IntPointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="pfloat" stored="true" indexed="true" multiValued="false" class="solr.FloatPointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="plong" stored="true" indexed="true" multiValued="false" class="solr.LongPointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="pdouble" stored="true" indexed="true" multiValued="false" class="solr.DoublePointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="location" stored="true" indexed="true" multiValued="false" class="solr.LatLonPointSpatialField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="ip" stored="true" indexed="true" multiValued="false" class="solr.StrField"
sortMissingLast="true" docValues="false"/>
-  <fieldType name="timestamp" stored="true" indexed="true" multiValued="false" class="solr.LongPointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="ignored" stored="true" indexed="true" multiValued="true" class="solr.StrField"
sortMissingLast="false" docValues="false"/>
-</schema>

http://git-wip-us.apache.org/repos/asf/metron/blob/a7a41a55/metron-platform/metron-solr/src/main/config/schema/snort/schema.xml
----------------------------------------------------------------------
diff --git a/metron-platform/metron-solr/src/main/config/schema/snort/schema.xml b/metron-platform/metron-solr/src/main/config/schema/snort/schema.xml
new file mode 100644
index 0000000..ae13b8d
--- /dev/null
+++ b/metron-platform/metron-solr/src/main/config/schema/snort/schema.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<schema name="snort_doc" version="1.6">
+  <field name="_version_" type="plong" indexed="true" stored="true"/>
+  <field name="_root_" type="string" indexed="true" stored="false" docValues="false" />
+
+  <!-- Metron specific fields -->
+  <field name="timestamp" type="timestamp" indexed="true" stored="true" />
+  <field name="source.type" type="string" indexed="true" stored="true" />
+  <field name="guid" type="string" indexed="true" stored="true" required="true" multiValued="false"
/>
+  <uniqueKey>guid</uniqueKey>
+
+  <!-- Source/Destination information -->
+  <field name="ip_dst_addr" type="ip" indexed="true" stored="true" />
+  <field name="ip_dst_port" type="pint" indexed="true" stored="true" />
+  <field name="ip_src_addr" type="ip" indexed="true" stored="true" />
+  <field name="ip_src_port" type="pint" indexed="true" stored="true" />
+
+  <!-- Snort specific fields -->
+  <field name="dgmlen" type="pint" indexed="true" stored="true" />
+  <field name="ethdst" type="string" indexed="true" stored="true" />
+  <field name="ethlen" type="string" indexed="true" stored="true" />
+  <field name="ethsrc" type="string" indexed="true" stored="true" />
+  <field name="id" type="pint" indexed="true" stored="true" />
+  <field name="iplen" type="pint" indexed="true" stored="true" />
+  <field name="msg" type="string" indexed="true" stored="true" />
+  <field name="protocol" type="string" indexed="true" stored="true" />
+  <field name="sig_generator" type="string" indexed="true" stored="true" />
+  <field name="sig_id" type="pint" indexed="true" stored="true" />
+  <field name="sig_rev" type="string" indexed="true" stored="true" />
+  <field name="tcpack" type="string" indexed="true" stored="true" />
+  <field name="tcpflags" type="string" indexed="true" stored="true" />
+  <field name="tcpseq" type="string" indexed="true" stored="true" />
+  <field name="tcpwindow" type="string" indexed="true" stored="true" />
+  <field name="tos" type="pint" indexed="true" stored="true" />
+  <field name="ttl" type="pint" indexed="true" stored="true" />
+
+  <!-- Geo Enrichment Fields -->
+  <dynamicField name="*.location_point" type="location" multiValued="false" docValues="false"/>
+  <dynamicField name="*.country" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*.city" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*.locID" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*.dmaCode" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*.postalCode" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*.latitude" type="pfloat" multiValued="false" docValues="true"/>
+  <dynamicField name="*.longitude" type="pfloat" multiValued="false" docValues="true"/>
+
+  <!-- Performance Debugging Fields -->
+  <dynamicField name="*.ts" type="timestamp" multiValued="false" docValues="true"/>
+
+  <!-- Threat Intel Scoring Fields -->
+  <field name="is_alert" type="boolean" indexed="true" stored="true" />
+  <dynamicField name="*score" type="pfloat" multiValued="false" docValues="true"/>
+  <dynamicField name="*.reason" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*.name" type="string" multiValued="false" docValues="true"/>
+
+  <!-- Catch all, if we don't know about it, it gets dropped. -->
+  <dynamicField name="*" type="ignored" multiValued="false" docValues="true"/>
+
+  <!-- Type Definitions -->
+  <fieldType name="string" stored="true" indexed="true" multiValued="false" class="solr.StrField"
sortMissingLast="true" docValues="false"/>
+  <fieldType name="boolean" stored="true" indexed="true" multiValued="false" class="solr.BoolField"
sortMissingLast="true" docValues="false"/>
+  <fieldType name="pint" stored="true" indexed="true" multiValued="false" class="solr.TrieIntField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="pfloat" stored="true" indexed="true" multiValued="false" class="solr.TrieFloatField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="plong" stored="true" indexed="true" multiValued="false" class="solr.TrieLongField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="pdouble" stored="true" indexed="true" multiValued="false" class="solr.TrieDoubleField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="location" class="solr.LatLonType" subFieldSuffix="_coordinate"/>
+  <fieldType name="ip" stored="true" indexed="true" multiValued="false" class="solr.StrField"
sortMissingLast="true" docValues="false"/>
+  <fieldType name="timestamp" stored="true" indexed="true" multiValued="false" class="solr.TrieLongField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="ignored" stored="true" indexed="true" multiValued="true" class="solr.StrField"
sortMissingLast="false" docValues="false"/>
+</schema>
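Review bot: `solr.LatLonType` with `subFieldSuffix="_coordinate"` keeps each point in two sub-fields named with that suffix, and this schema declares no `*_coordinate` dynamicField, so as far as I can tell the sub-fields of `*.location_point` resolve to the `*` catch-all and are indexed as strings. Distance and bounding-box filters on the geo enrichment data would then not compare numerically. Add `<dynamicField name="*_coordinate" type="pdouble" indexed="true" stored="false"/>` next to the geo enrichment fields. The yaf schema.xml hunk has the same gap, and metaalert/schema.xml declares the same `location` type.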

http://git-wip-us.apache.org/repos/asf/metron/blob/a7a41a55/metron-platform/metron-solr/src/main/config/schema/yaf/managed-schema
----------------------------------------------------------------------
diff --git a/metron-platform/metron-solr/src/main/config/schema/yaf/managed-schema b/metron-platform/metron-solr/src/main/config/schema/yaf/managed-schema
deleted file mode 100644
index edf80da..0000000
--- a/metron-platform/metron-solr/src/main/config/schema/yaf/managed-schema
+++ /dev/null
@@ -1,92 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements.  See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License.  You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<schema name="yaf_doc" version="1.6">
-  <field name="_version_" type="plong" indexed="false" stored="false"/>
-  <field name="_root_" type="string" indexed="true" stored="false" docValues="false" />
-
-  <!-- Metron specific fields -->
-  <field name="timestamp" type="timestamp" indexed="true" stored="true" />
-  <field name="source.type" type="string" indexed="true" stored="true" />
-  <field name="guid" type="string" indexed="true" stored="true" required="true" multiValued="false"
/>
-  <uniqueKey>guid</uniqueKey>
-
-  <!-- Source/Destination information -->
-  <field name="ip_dst_addr" type="ip" indexed="true" stored="true" />
-  <field name="ip_dst_port" type="pint" indexed="true" stored="true" />
-  <field name="ip_src_addr" type="ip" indexed="true" stored="true" />
-  <field name="ip_src_port" type="pint" indexed="true" stored="true" />
-
-  <!-- Yaf specific fields -->
-  <field name="start_time" type="timestamp" indexed="true" stored="true" />
-  <field name="end_time" type="timestamp" indexed="true" stored="true" />
-  <field name="duration" type="pdouble" indexed="true" stored="true" />
-  <field name="rtt" type="pdouble" indexed="true" stored="true" />
-  <field name="proto" type="string" indexed="true" stored="true" />
-  <field name="sip" type="string" indexed="true" stored="true" />
-  <field name="sp" type="string" indexed="true" stored="true" />
-  <field name="dip" type="string" indexed="true" stored="true" />
-  <field name="dp" type="string" indexed="true" stored="true" />
-  <field name="iflags" type="string" indexed="true" stored="true" />
-  <field name="uflags" type="string" indexed="true" stored="true" />
-  <field name="riflags" type="string" indexed="true" stored="true" />
-  <field name="ruflags" type="string" indexed="true" stored="true" />
-  <field name="isn" type="string" indexed="true" stored="true" />
-  <field name="risn" type="string" indexed="true" stored="true" />
-  <field name="tag" type="string" indexed="true" stored="true" />
-  <field name="rtag" type="string" indexed="true" stored="true" />
-  <field name="pkt" type="pint" indexed="true" stored="true" />
-  <field name="oct" type="pint" indexed="true" stored="true" />
-  <field name="rpkt" type="pint" indexed="true" stored="true" />
-  <field name="roct" type="pint" indexed="true" stored="true" />
-  <field name="app" type="string" indexed="true" stored="true" />
-  <field name="end-reason" type="string" indexed="true" stored="true" />
-
-  <!-- Geo Enrichment Fields -->
-  <dynamicField name="*.location_point" type="location" multiValued="false" docValues="true"/>
-  <dynamicField name="*.country" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*.city" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*.locID" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*.dmaCode" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*.postalCode" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*.latitude" type="pfloat" multiValued="false" docValues="true"/>
-  <dynamicField name="*.longitude" type="pfloat" multiValued="false" docValues="true"/>
-
-  <!-- Performance Debugging Fields -->
-  <dynamicField name="*.ts" type="timestamp" multiValued="false" docValues="true"/>
-
-  <!-- Threat Intel Scoring Fields -->
-  <field name="is_alert" type="boolean" indexed="true" stored="true" />
-  <dynamicField name="*score" type="pfloat" multiValued="false" docValues="true"/>
-  <dynamicField name="*.reason" type="string" multiValued="false" docValues="true"/>
-  <dynamicField name="*.name" type="string" multiValued="false" docValues="true"/>
-
-  <!-- Catch all, if we don't know about it, it gets dropped. -->
-  <dynamicField name="*" type="ignored" multiValued="false" docValues="true"/>
-
-  <!-- Type Definitions -->
-  <fieldType name="string" stored="true" indexed="true" multiValued="false" class="solr.StrField"
sortMissingLast="true" docValues="false"/>
-  <fieldType name="boolean" stored="true" indexed="true" multiValued="false" class="solr.BoolField"
sortMissingLast="true" docValues="false"/>
-  <fieldType name="pint" stored="true" indexed="true" multiValued="false" class="solr.IntPointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="pfloat" stored="true" indexed="true" multiValued="false" class="solr.FloatPointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="plong" stored="true" indexed="true" multiValued="false" class="solr.LongPointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="pdouble" stored="true" indexed="true" multiValued="false" class="solr.DoublePointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="location" stored="true" indexed="true" multiValued="false" class="solr.LatLonPointSpatialField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="ip" stored="true" indexed="true" multiValued="false" class="solr.StrField"
sortMissingLast="true" docValues="false"/>
-  <fieldType name="timestamp" stored="true" indexed="true" multiValued="false" class="solr.LongPointField"
sortMissingLast="false" docValues="true"/>
-  <fieldType name="ignored" stored="true" indexed="true" multiValued="true" class="solr.StrField"
sortMissingLast="false" docValues="false"/>
-</schema>

http://git-wip-us.apache.org/repos/asf/metron/blob/a7a41a55/metron-platform/metron-solr/src/main/config/schema/yaf/schema.xml
----------------------------------------------------------------------
diff --git a/metron-platform/metron-solr/src/main/config/schema/yaf/schema.xml b/metron-platform/metron-solr/src/main/config/schema/yaf/schema.xml
new file mode 100644
index 0000000..edccd9d
--- /dev/null
+++ b/metron-platform/metron-solr/src/main/config/schema/yaf/schema.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<schema name="yaf_doc" version="1.6">
+  <field name="_version_" type="plong" indexed="true" stored="true"/>
+  <field name="_root_" type="string" indexed="true" stored="false" docValues="false" />
+
+  <!-- Metron specific fields -->
+  <field name="timestamp" type="timestamp" indexed="true" stored="true" />
+  <field name="source.type" type="string" indexed="true" stored="true" />
+  <field name="guid" type="string" indexed="true" stored="true" required="true" multiValued="false"
/>
+  <uniqueKey>guid</uniqueKey>
+
+  <!-- Source/Destination information -->
+  <field name="ip_dst_addr" type="ip" indexed="true" stored="true" />
+  <field name="ip_dst_port" type="pint" indexed="true" stored="true" />
+  <field name="ip_src_addr" type="ip" indexed="true" stored="true" />
+  <field name="ip_src_port" type="pint" indexed="true" stored="true" />
+
+  <!-- Yaf specific fields -->
+  <field name="start_time" type="timestamp" indexed="true" stored="true" />
+  <field name="end_time" type="timestamp" indexed="true" stored="true" />
+  <field name="duration" type="pdouble" indexed="true" stored="true" />
+  <field name="rtt" type="pdouble" indexed="true" stored="true" />
+  <field name="proto" type="string" indexed="true" stored="true" />
+  <field name="sip" type="string" indexed="true" stored="true" />
+  <field name="sp" type="string" indexed="true" stored="true" />
+  <field name="dip" type="string" indexed="true" stored="true" />
+  <field name="dp" type="string" indexed="true" stored="true" />
+  <field name="iflags" type="string" indexed="true" stored="true" />
+  <field name="uflags" type="string" indexed="true" stored="true" />
+  <field name="riflags" type="string" indexed="true" stored="true" />
+  <field name="ruflags" type="string" indexed="true" stored="true" />
+  <field name="isn" type="string" indexed="true" stored="true" />
+  <field name="risn" type="string" indexed="true" stored="true" />
+  <field name="tag" type="string" indexed="true" stored="true" />
+  <field name="rtag" type="string" indexed="true" stored="true" />
+  <field name="pkt" type="pint" indexed="true" stored="true" />
+  <field name="oct" type="pint" indexed="true" stored="true" />
+  <field name="rpkt" type="pint" indexed="true" stored="true" />
+  <field name="roct" type="pint" indexed="true" stored="true" />
+  <field name="app" type="string" indexed="true" stored="true" />
+  <field name="end-reason" type="string" indexed="true" stored="true" />
+
+  <!-- Geo Enrichment Fields -->
+  <dynamicField name="*.location_point" type="location" multiValued="false" docValues="false"/>
+  <dynamicField name="*.country" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*.city" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*.locID" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*.dmaCode" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*.postalCode" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*.latitude" type="pfloat" multiValued="false" docValues="true"/>
+  <dynamicField name="*.longitude" type="pfloat" multiValued="false" docValues="true"/>
+
+  <!-- Performance Debugging Fields -->
+  <dynamicField name="*.ts" type="timestamp" multiValued="false" docValues="true"/>
+
+  <!-- Threat Intel Scoring Fields -->
+  <field name="is_alert" type="boolean" indexed="true" stored="true" />
+  <dynamicField name="*score" type="pfloat" multiValued="false" docValues="true"/>
+  <dynamicField name="*.reason" type="string" multiValued="false" docValues="true"/>
+  <dynamicField name="*.name" type="string" multiValued="false" docValues="true"/>
+
+  <!-- Catch all, if we don't know about it, it gets dropped. -->
+  <dynamicField name="*" type="ignored" multiValued="false" docValues="true"/>
+
+  <!-- Type Definitions -->
+  <fieldType name="string" stored="true" indexed="true" multiValued="false" class="solr.StrField"
sortMissingLast="true" docValues="false"/>
+  <fieldType name="boolean" stored="true" indexed="true" multiValued="false" class="solr.BoolField"
sortMissingLast="true" docValues="false"/>
+  <fieldType name="pint" stored="true" indexed="true" multiValued="false" class="solr.TrieIntField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="pfloat" stored="true" indexed="true" multiValued="false" class="solr.TrieFloatField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="plong" stored="true" indexed="true" multiValued="false" class="solr.TrieLongField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="pdouble" stored="true" indexed="true" multiValued="false" class="solr.TrieDoubleField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="location" class="solr.LatLonType" subFieldSuffix="_coordinate"/>
+  <fieldType name="ip" stored="true" indexed="true" multiValued="false" class="solr.StrField"
sortMissingLast="true" docValues="false"/>
+  <fieldType name="timestamp" stored="true" indexed="true" multiValued="false" class="solr.TrieLongField"
sortMissingLast="false" docValues="true"/>
+  <fieldType name="ignored" stored="true" indexed="true" multiValued="true" class="solr.StrField"
sortMissingLast="false" docValues="false"/>
+</schema>
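Review bot: `sp` and `dp` are typed `string` while `ip_src_port` and `ip_dst_port` in the same schema are `pint`, and `sip`/`dip` are `string` while `ip_src_addr`/`ip_dst_addr` use the `ip` type. If these carry the raw yaf ports and addresses (the names suggest so, the hunk does not say), a port-interval query will compare lexically on the raw fields and numerically on the normalized ones. Either type them like their normalized counterparts, e.g. `<field name="sp" type="pint" indexed="true" stored="true" />`, or add a comment under `<!-- Yaf specific fields -->` stating that they are kept as strings on purpose.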

