{
    "attributes": {
        "title": "events-*",
        "timeFieldName": "utctimestamp",
        "fields": [
           {
              "name":"_id",
              "type":"string",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":false
           },
           {
              "name":"_index",
              "type":"string",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":false
           },
           {
              "name":"_score",
              "type":"number",
              "count":0,
              "scripted":false,
              "searchable":false,
              "aggregatable":false,
              "readFromDocValues":false
           },
           {
              "name":"_source",
              "type":"_source",
              "count":0,
              "scripted":false,
              "searchable":false,
              "aggregatable":false,
              "readFromDocValues":false
           },
           {
              "name":"_type",
              "type":"string",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":false
           },
           {
              "name":"category",
              "type":"string",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":true
           },
           {
              "name":"hostname",
              "type":"string",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":true
           },
           {
              "name":"mozdefhostname",
              "type":"string",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":true
           },
           {
              "name":"processid",
              "type":"string",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":true
           },
           {
              "name":"processname",
              "type":"string",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":true
           },
           {
              "name":"receivedtimestamp",
              "type":"date",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":true
           },
           {
              "name":"severity",
              "type":"string",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":true
           },
           {
              "name":"source",
              "type":"string",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":true
           },
           {
              "name":"summary",
              "type":"string",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":false,
              "readFromDocValues":false
           },
           {
              "name":"timestamp",
              "type":"date",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":true
           },
           {
              "name":"type",
              "type":"string",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":true
           },
           {
              "name":"utctimestamp",
              "type":"date",
              "count":0,
              "scripted":false,
              "searchable":true,
              "aggregatable":true,
              "readFromDocValues":true
           }
        ]
    }
}