{
    "properties" : {
        "bytes_written_string" : {
            "type" : "keyword"
        },
        "bytes_written_string_list" : {
            "type" : "keyword"
        },
        "command_line" : {
            "type" : "keyword"
        },
        "event" : {
            "properties" : {
                "category" : {
                    "type" : "keyword"
                }
            }
        },
        "md5" : {
            "type" : "keyword"
        },
        "parent_process_name": {
            "type" : "keyword"
        },
        "parent_process_path": {
            "type" : "keyword"
        },
        "pid" : {
            "type" : "long"
        },
        "ppid" : {
            "type" : "long"
        },
        "process_name": {
            "type" : "keyword"
        },
        "process_path": {
            "type" : "keyword"
        },
        "subtype" : {
            "type" : "keyword"
        },
        "@timestamp" : {
            "type" : "date"
        },
        "user" : {
            "type" : "keyword"
        },
        "user_name" : {
            "type" : "keyword"
        },
        "user_domain": {
            "type" : "keyword"
        },
        "hostname" : {
            "type" : "text",
            "fields" : {
                "keyword" : {
                    "type" : "wildcard",
                    "ignore_above" : 256
                }
            }
        },
        "opcode" : {
            "type" : "long"
        },
        "file_name" : {
            "type" : "text",
            "fields" : {
                "keyword" : {
                    "type" : "keyword",
                    "ignore_above" : 256
                }
            }
        },
        "serial_event_id" : {
            "type" : "long"
        },
        "source_address" : {
            "type" : "ip"
        },
        "exit_code" : {
            "type" : "long"
        },
        "plain_text" : {
            "type" : "text"
        },
        "constant_keyword" : {
            "type" : "constant_keyword"
        },
        "bool" : {
            "type" : "boolean"
        },
        "version" : {
            "type" : "version"
        }
    }
}