...
{
"index": "bro",
"batchSize": 5,
"enrichment" : {
"fieldMap": {
"geo": ["ip_dst_addr", "ip_src_addr"],
"host": ["host"],"hbaseEnrichmentstellar" : [ "ip_src_addr" ] {
}, "fieldToTypeMapconfig" : {
"user" : "ENRICHMENT_GET('user', ip_src_addr, 'enrichment', 't')" : [ "user" ]
}
}
}
},
"threatIntel": {
"fieldMap": {
"hbaseThreatIntel": ["ip_src_addr", "ip_dst_addr"]
},
"fieldToTypeMap": {
"ip_src_addr" : ["malicious_ip"],
"ip_dst_addr" : ["malicious_ip"]
}
}
}
...