From 9624d76bb915ba4fd579617e4c29583745820ae9 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Wed, 25 Nov 2020 16:26:18 -0500 Subject: [PATCH 01/27] Small bugfix when no --include (not even []) --- scripts/generator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generator.py b/scripts/generator.py index 7e009d5fa..4e9e4181b 100644 --- a/scripts/generator.py +++ b/scripts/generator.py @@ -41,7 +41,7 @@ def main(): # ecs_helpers.yaml_dump('ecs.yml', fields) # Detect usage of experimental changes to tweak artifact version label - if loader.EXPERIMENTAL_SCHEMA_DIR in args.include: + if args.include and loader.EXPERIMENTAL_SCHEMA_DIR in args.include: ecs_version += "+exp" fields = loader.load_schemas(ref=args.ref, included_files=args.include) From 9c342f958775624f802f6111daef21d5386212f3 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 09:44:04 -0500 Subject: [PATCH 02/27] Sort the imports --- scripts/generators/es_template.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index 086d5246b..724e92564 100644 --- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py @@ -1,8 +1,9 @@ +import copy import json import sys -import copy from os.path import join + from generators import ecs_helpers From 60038418b25097cd798cb1e308e69710edb52b43 Mon Sep 17 00:00:00 2001 
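Review bot: The `+exp` label still hinges on an exact string match, so a caller who spells the experimental directory differently from `loader.EXPERIMENTAL_SCHEMA_DIR` (trailing slash, `./` prefix, absolute path) gets experimental fields folded into the generated artifacts without the version suffix meant to mark them; the added `args.include and` guard only closes the `None` case. Because that label is what downstream consumers rely on to tell experimental output from stable output, compare normalized paths instead: `exp_dir = os.path.normpath(loader.EXPERIMENTAL_SCHEMA_DIR)` followed by `if any(os.path.normpath(p) == exp_dir for p in (args.include or [])):` (this presumes `os` is importable in generator.py, which the hunk does not show). Whether `args.include` is already normalized by the argument parser or inside `loader.load_schemas` is not visible here, so confirm that before changing the test. `main()` starts and ends outside the hunk.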
From: Mathieu Martin Date: Thu, 26 Nov 2020 09:49:51 -0500 Subject: [PATCH 03/27] Initial implementation, generating only the component templates --- .../elasticsearch/component/agent.json | 39 ++ .../generated/elasticsearch/component/as.json | 28 ++ .../elasticsearch/component/base.json | 22 ++ .../elasticsearch/component/client.json | 167 +++++++++ .../elasticsearch/component/cloud.json | 68 ++++ .../component/code_signature.json | 29 ++ .../elasticsearch/component/container.json | 39 ++ .../elasticsearch/component/destination.json | 167 +++++++++ .../elasticsearch/component/dll.json | 92 +++++ .../elasticsearch/component/dns.json | 85 +++++ .../elasticsearch/component/ecs.json | 16 + .../elasticsearch/component/error.json | 36 ++ .../elasticsearch/component/event.json | 105 ++++++ .../elasticsearch/component/file.json | 276 ++++++++++++++ .../elasticsearch/component/geo.json | 42 +++ .../elasticsearch/component/group.json | 24 ++ .../elasticsearch/component/hash.json | 28 ++ .../elasticsearch/component/host.json | 178 +++++++++ .../elasticsearch/component/http.json | 80 ++++ .../elasticsearch/component/interface.json | 24 ++ .../elasticsearch/component/log.json | 81 ++++ .../elasticsearch/component/network.json | 82 ++++ .../elasticsearch/component/observer.json | 197 ++++++++++ .../elasticsearch/component/organization.json | 25 ++ .../generated/elasticsearch/component/os.json | 50 +++ .../elasticsearch/component/package.json | 62 ++++ .../generated/elasticsearch/component/pe.json | 39 ++ .../elasticsearch/component/process.json | 328 ++++++++++++++++ .../elasticsearch/component/registry.json | 41 ++ .../elasticsearch/component/related.json | 27 ++ .../elasticsearch/component/rule.json | 52 +++ .../elasticsearch/component/server.json | 167 +++++++++ .../elasticsearch/component/service.json | 44 +++ .../elasticsearch/component/source.json | 167 +++++++++ .../elasticsearch/component/threat.json | 76 ++++ .../elasticsearch/component/tls.json | 342 +++++++++++++++++ 
.../elasticsearch/component/tracing.json | 32 ++ .../elasticsearch/component/url.json | 74 ++++ .../elasticsearch/component/user.json | 236 ++++++++++++ .../elasticsearch/component/user_agent.json | 79 ++++ .../elasticsearch/component/vlan.json | 20 + .../component/vulnerability.json | 75 ++++ .../elasticsearch/component/x509.json | 112 ++++++ generated/elasticsearch/component/agent.json | 40 ++ generated/elasticsearch/component/as.json | 29 ++ generated/elasticsearch/component/base.json | 22 ++ generated/elasticsearch/component/client.json | 174 +++++++++ generated/elasticsearch/component/cloud.json | 68 ++++ .../component/code_signature.json | 29 ++ .../elasticsearch/component/container.json | 39 ++ .../elasticsearch/component/destination.json | 174 +++++++++ generated/elasticsearch/component/dll.json | 93 +++++ generated/elasticsearch/component/dns.json | 87 +++++ generated/elasticsearch/component/ecs.json | 16 + generated/elasticsearch/component/error.json | 40 ++ generated/elasticsearch/component/event.json | 105 ++++++ generated/elasticsearch/component/file.json | 282 ++++++++++++++ generated/elasticsearch/component/geo.json | 43 +++ generated/elasticsearch/component/group.json | 24 ++ generated/elasticsearch/component/hash.json | 28 ++ generated/elasticsearch/component/host.json | 185 +++++++++ generated/elasticsearch/component/http.json | 83 +++++ .../elasticsearch/component/interface.json | 24 ++ generated/elasticsearch/component/log.json | 83 +++++ .../elasticsearch/component/network.json | 82 ++++ .../elasticsearch/component/observer.json | 200 ++++++++++ .../elasticsearch/component/organization.json | 26 ++ generated/elasticsearch/component/os.json | 52 +++ .../elasticsearch/component/package.json | 62 ++++ generated/elasticsearch/component/pe.json | 40 ++ .../elasticsearch/component/process.json | 342 +++++++++++++++++ .../elasticsearch/component/registry.json | 44 +++ .../elasticsearch/component/related.json | 27 ++ 
generated/elasticsearch/component/rule.json | 52 +++ generated/elasticsearch/component/server.json | 174 +++++++++ .../elasticsearch/component/service.json | 44 +++ generated/elasticsearch/component/source.json | 174 +++++++++ generated/elasticsearch/component/threat.json | 76 ++++ generated/elasticsearch/component/tls.json | 350 ++++++++++++++++++ .../elasticsearch/component/tracing.json | 32 ++ generated/elasticsearch/component/url.json | 79 ++++ generated/elasticsearch/component/user.json | 68 ++++ .../elasticsearch/component/user_agent.json | 82 ++++ generated/elasticsearch/component/vlan.json | 20 + .../component/vulnerability.json | 75 ++++ generated/elasticsearch/component/x509.json | 114 ++++++ scripts/generator.py | 3 +- scripts/generators/es_template.py | 49 ++- 88 files changed, 7878 insertions(+), 10 deletions(-) create mode 100644 experimental/generated/elasticsearch/component/agent.json create mode 100644 experimental/generated/elasticsearch/component/as.json create mode 100644 experimental/generated/elasticsearch/component/base.json create mode 100644 experimental/generated/elasticsearch/component/client.json create mode 100644 experimental/generated/elasticsearch/component/cloud.json create mode 100644 experimental/generated/elasticsearch/component/code_signature.json create mode 100644 experimental/generated/elasticsearch/component/container.json create mode 100644 experimental/generated/elasticsearch/component/destination.json create mode 100644 experimental/generated/elasticsearch/component/dll.json create mode 100644 experimental/generated/elasticsearch/component/dns.json create mode 100644 experimental/generated/elasticsearch/component/ecs.json create mode 100644 experimental/generated/elasticsearch/component/error.json create mode 100644 experimental/generated/elasticsearch/component/event.json create mode 100644 experimental/generated/elasticsearch/component/file.json create mode 100644 experimental/generated/elasticsearch/component/geo.json 
create mode 100644 experimental/generated/elasticsearch/component/group.json create mode 100644 experimental/generated/elasticsearch/component/hash.json create mode 100644 experimental/generated/elasticsearch/component/host.json create mode 100644 experimental/generated/elasticsearch/component/http.json create mode 100644 experimental/generated/elasticsearch/component/interface.json create mode 100644 experimental/generated/elasticsearch/component/log.json create mode 100644 experimental/generated/elasticsearch/component/network.json create mode 100644 experimental/generated/elasticsearch/component/observer.json create mode 100644 experimental/generated/elasticsearch/component/organization.json create mode 100644 experimental/generated/elasticsearch/component/os.json create mode 100644 experimental/generated/elasticsearch/component/package.json create mode 100644 experimental/generated/elasticsearch/component/pe.json create mode 100644 experimental/generated/elasticsearch/component/process.json create mode 100644 experimental/generated/elasticsearch/component/registry.json create mode 100644 experimental/generated/elasticsearch/component/related.json create mode 100644 experimental/generated/elasticsearch/component/rule.json create mode 100644 experimental/generated/elasticsearch/component/server.json create mode 100644 experimental/generated/elasticsearch/component/service.json create mode 100644 experimental/generated/elasticsearch/component/source.json create mode 100644 experimental/generated/elasticsearch/component/threat.json create mode 100644 experimental/generated/elasticsearch/component/tls.json create mode 100644 experimental/generated/elasticsearch/component/tracing.json create mode 100644 experimental/generated/elasticsearch/component/url.json create mode 100644 experimental/generated/elasticsearch/component/user.json create mode 100644 experimental/generated/elasticsearch/component/user_agent.json create mode 100644 
experimental/generated/elasticsearch/component/vlan.json create mode 100644 experimental/generated/elasticsearch/component/vulnerability.json create mode 100644 experimental/generated/elasticsearch/component/x509.json create mode 100644 generated/elasticsearch/component/agent.json create mode 100644 generated/elasticsearch/component/as.json create mode 100644 generated/elasticsearch/component/base.json create mode 100644 generated/elasticsearch/component/client.json create mode 100644 generated/elasticsearch/component/cloud.json create mode 100644 generated/elasticsearch/component/code_signature.json create mode 100644 generated/elasticsearch/component/container.json create mode 100644 generated/elasticsearch/component/destination.json create mode 100644 generated/elasticsearch/component/dll.json create mode 100644 generated/elasticsearch/component/dns.json create mode 100644 generated/elasticsearch/component/ecs.json create mode 100644 generated/elasticsearch/component/error.json create mode 100644 generated/elasticsearch/component/event.json create mode 100644 generated/elasticsearch/component/file.json create mode 100644 generated/elasticsearch/component/geo.json create mode 100644 generated/elasticsearch/component/group.json create mode 100644 generated/elasticsearch/component/hash.json create mode 100644 generated/elasticsearch/component/host.json create mode 100644 generated/elasticsearch/component/http.json create mode 100644 generated/elasticsearch/component/interface.json create mode 100644 generated/elasticsearch/component/log.json create mode 100644 generated/elasticsearch/component/network.json create mode 100644 generated/elasticsearch/component/observer.json create mode 100644 generated/elasticsearch/component/organization.json create mode 100644 generated/elasticsearch/component/os.json create mode 100644 generated/elasticsearch/component/package.json create mode 100644 generated/elasticsearch/component/pe.json create mode 100644 
generated/elasticsearch/component/process.json create mode 100644 generated/elasticsearch/component/registry.json create mode 100644 generated/elasticsearch/component/related.json create mode 100644 generated/elasticsearch/component/rule.json create mode 100644 generated/elasticsearch/component/server.json create mode 100644 generated/elasticsearch/component/service.json create mode 100644 generated/elasticsearch/component/source.json create mode 100644 generated/elasticsearch/component/threat.json create mode 100644 generated/elasticsearch/component/tls.json create mode 100644 generated/elasticsearch/component/tracing.json create mode 100644 generated/elasticsearch/component/url.json create mode 100644 generated/elasticsearch/component/user.json create mode 100644 generated/elasticsearch/component/user_agent.json create mode 100644 generated/elasticsearch/component/vlan.json create mode 100644 generated/elasticsearch/component/vulnerability.json create mode 100644 generated/elasticsearch/component/x509.json diff --git a/experimental/generated/elasticsearch/component/agent.json b/experimental/generated/elasticsearch/component/agent.json new file mode 100644 index 000000000..66fe0572a --- /dev/null +++ b/experimental/generated/elasticsearch/component/agent.json @@ -0,0 +1,39 @@ +{ + "template": { + "mappings": { + "properties": { + "agent": { + "properties": { + "build": { + "properties": { + "original": { + "type": "wildcard" + } + } + }, + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/as.json b/experimental/generated/elasticsearch/component/as.json new file mode 100644 index 000000000..85b465e03 
--- /dev/null +++ b/experimental/generated/elasticsearch/component/as.json @@ -0,0 +1,28 @@ +{ + "template": { + "mappings": { + "properties": { + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/base.json b/experimental/generated/elasticsearch/component/base.json new file mode 100644 index 000000000..d1818f4fa --- /dev/null +++ b/experimental/generated/elasticsearch/component/base.json @@ -0,0 +1,22 @@ +{ + "template": { + "mappings": { + "properties": { + "@timestamp": { + "type": "date" + }, + "labels": { + "type": "object" + }, + "message": { + "norms": false, + "type": "text" + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/client.json b/experimental/generated/elasticsearch/component/client.json new file mode 100644 index 000000000..5e628839f --- /dev/null +++ b/experimental/generated/elasticsearch/component/client.json 
@@ -0,0 +1,167 @@ +{ + "template": { + "mappings": { + "properties": { + "client": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "type": "wildcard" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "wildcard" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "type": "wildcard" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "type": "wildcard" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/cloud.json b/experimental/generated/elasticsearch/component/cloud.json new file mode 100644 index 000000000..feb7e24db --- /dev/null +++ b/experimental/generated/elasticsearch/component/cloud.json @@ -0,0 +1,68 @@ +{ + "template": { + "mappings": { + "properties": { + "cloud": { + "properties": { + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/code_signature.json b/experimental/generated/elasticsearch/component/code_signature.json new file mode 100644 index 000000000..66c183f3f --- /dev/null +++ b/experimental/generated/elasticsearch/component/code_signature.json 
@@ -0,0 +1,29 @@ +{ + "template": { + "mappings": { + "properties": { + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/container.json b/experimental/generated/elasticsearch/component/container.json new file mode 100644 index 000000000..c9db58055 --- /dev/null +++ b/experimental/generated/elasticsearch/component/container.json @@ -0,0 +1,39 @@ +{ + "template": { + "mappings": { + "properties": { + "container": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "tag": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "labels": { + "type": "object" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "runtime": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/destination.json b/experimental/generated/elasticsearch/component/destination.json new file mode 100644 index 000000000..d6b0c73c1 --- /dev/null +++ b/experimental/generated/elasticsearch/component/destination.json 
@@ -0,0 +1,167 @@ +{ + "template": { + "mappings": { + "properties": { + "destination": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "type": "wildcard" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "wildcard" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "type": "wildcard" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "type": "wildcard" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { 
+ "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/dll.json b/experimental/generated/elasticsearch/component/dll.json new file mode 100644 index 000000000..c42dd2ae0 --- /dev/null +++ b/experimental/generated/elasticsearch/component/dll.json @@ -0,0 +1,92 @@ +{ + "template": { + "mappings": { + "properties": { + "dll": { + "properties": { + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "pe": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "imphash": { + "ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "type": "wildcard" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file 
diff --git a/experimental/generated/elasticsearch/component/dns.json b/experimental/generated/elasticsearch/component/dns.json new file mode 100644 index 000000000..c40e9ff2a --- /dev/null +++ b/experimental/generated/elasticsearch/component/dns.json @@ -0,0 +1,85 @@ +{ + "template": { + "mappings": { + "properties": { + "dns": { + "properties": { + "answers": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "data": { + "type": "wildcard" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "ttl": { + "type": "long" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + }, + "type": "object" + }, + "header_flags": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "op_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "question": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "type": "wildcard" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "resolved_ip": { + "type": "ip" + }, + "response_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/ecs.json b/experimental/generated/elasticsearch/component/ecs.json new file mode 100644 index 000000000..df4b5d56e --- /dev/null +++ b/experimental/generated/elasticsearch/component/ecs.json @@ -0,0 +1,16 @@ +{ + "template": { + "mappings": { + "properties": { + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file 
diff --git a/experimental/generated/elasticsearch/component/error.json b/experimental/generated/elasticsearch/component/error.json new file mode 100644 index 000000000..672692077 --- /dev/null +++ b/experimental/generated/elasticsearch/component/error.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "error": { + "properties": { + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "norms": false, + "type": "text" + }, + "stack_trace": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "type": { + "type": "wildcard" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/event.json b/experimental/generated/elasticsearch/component/event.json new file mode 100644 index 000000000..a8a6eb1f5 --- /dev/null +++ b/experimental/generated/elasticsearch/component/event.json 
@@ -0,0 +1,105 @@ +{ + "template": { + "mappings": { + "properties": { + "event": { + "properties": { + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "created": { + "type": "date" + }, + "dataset": { + "ignore_above": 1024, + "type": "keyword" + }, + "duration": { + "type": "long" + }, + "end": { + "type": "date" + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "ingested": { + "type": "date" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "doc_values": false, + "ignore_above": 1024, + "index": false, + "type": "keyword" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword" + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "reason": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "risk_score": { + "type": "float" + }, + "risk_score_norm": { + "type": "float" + }, + "sequence": { + "type": "long" + }, + "severity": { + "type": "long" + }, + "start": { + "type": "date" + }, + "timezone": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "url": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/file.json b/experimental/generated/elasticsearch/component/file.json new file mode 100644 index 000000000..67890178e --- /dev/null +++ b/experimental/generated/elasticsearch/component/file.json 
@@ -0,0 +1,276 @@ +{ + "template": { + "mappings": { + "properties": { + "file": { + "properties": { + "accessed": { + "type": "date" + }, + "attributes": { + "ignore_above": 1024, + "type": "keyword" + }, + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "created": { + "type": "date" + }, + "ctime": { + "type": "date" + }, + "device": { + "ignore_above": 1024, + "type": "keyword" + }, + "directory": { + "type": "wildcard" + }, + "drive_letter": { + "ignore_above": 1, + "type": "keyword" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "ignore_above": 1024, + "type": "keyword" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "inode": { + "ignore_above": 1024, + "type": "keyword" + }, + "mime_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mode": { + "ignore_above": 1024, + "type": "keyword" + }, + "mtime": { + "type": "date" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "owner": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "pe": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "imphash": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "type": "wildcard" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "size": { + "type": "long" + }, + "target_path": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "ignore_above": 1024, + "type": "keyword" + }, + "x509": { + "properties": { + "alternative_names": { + "ignore_above": 1024, + "type": "keyword" + }, + "issuer": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "type": "wildcard" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_curve": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_exponent": { + "doc_values": false, + "index": false, + "type": "long" + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "signature_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "type": "wildcard" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + 
"state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version_number": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/geo.json b/experimental/generated/elasticsearch/component/geo.json new file mode 100644 index 000000000..81dc5defc --- /dev/null +++ b/experimental/generated/elasticsearch/component/geo.json @@ -0,0 +1,42 @@ +{ + "template": { + "mappings": { + "properties": { + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "wildcard" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/group.json b/experimental/generated/elasticsearch/component/group.json new file mode 100644 index 000000000..7500ad89c --- /dev/null +++ b/experimental/generated/elasticsearch/component/group.json @@ -0,0 +1,24 @@ +{ + "template": { + "mappings": { + "properties": { + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/hash.json b/experimental/generated/elasticsearch/component/hash.json new file mode 100644 index 000000000..d7776dcf1 --- /dev/null +++ b/experimental/generated/elasticsearch/component/hash.json 
@@ -0,0 +1,28 @@ +{ + "template": { + "mappings": { + "properties": { + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/host.json b/experimental/generated/elasticsearch/component/host.json new file mode 100644 index 000000000..c77aaf43e --- /dev/null +++ b/experimental/generated/elasticsearch/component/host.json 
@@ -0,0 +1,178 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "wildcard" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "type": "wildcard" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "uptime": { + "type": "long" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "type": "wildcard" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 
1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/http.json b/experimental/generated/elasticsearch/component/http.json new file mode 100644 index 000000000..78885efce --- /dev/null +++ b/experimental/generated/elasticsearch/component/http.json @@ -0,0 +1,80 @@ +{ + "template": { + "mappings": { + "properties": { + "http": { + "properties": { + "request": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + } + } + }, + "bytes": { + "type": "long" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + }, + "mime_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "referrer": { + "type": "wildcard" + } + } + }, + "response": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + } + } + }, + "bytes": { + "type": "long" + }, + "mime_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "status_code": { + "type": "long" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/interface.json b/experimental/generated/elasticsearch/component/interface.json new file mode 100644 index 000000000..67b95e8dc --- /dev/null 
+++ b/experimental/generated/elasticsearch/component/interface.json @@ -0,0 +1,24 @@ +{ + "template": { + "mappings": { + "properties": { + "interface": { + "properties": { + "alias": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/log.json b/experimental/generated/elasticsearch/component/log.json new file mode 100644 index 000000000..05477692c --- /dev/null +++ b/experimental/generated/elasticsearch/component/log.json @@ -0,0 +1,81 @@ +{ + "template": { + "mappings": { + "properties": { + "log": { + "properties": { + "file": { + "properties": { + "path": { + "type": "wildcard" + } + } + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "logger": { + "type": "wildcard" + }, + "origin": { + "properties": { + "file": { + "properties": { + "line": { + "type": "integer" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "function": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "original": { + "doc_values": false, + "ignore_above": 1024, + "index": false, + "type": "keyword" + }, + "syslog": { + "properties": { + "facility": { + "properties": { + "code": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "priority": { + "type": "long" + }, + "severity": { + "properties": { + "code": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + }, + "type": "object" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/network.json b/experimental/generated/elasticsearch/component/network.json new file mode 100644 index 000000000..74a7b796e --- /dev/null +++ b/experimental/generated/elasticsearch/component/network.json 
@@ -0,0 +1,82 @@ +{ + "template": { + "mappings": { + "properties": { + "network": { + "properties": { + "application": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "community_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "direction": { + "ignore_above": 1024, + "type": "keyword" + }, + "forwarded_ip": { + "type": "ip" + }, + "iana_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "inner": { + "properties": { + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + }, + "type": "object" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "protocol": { + "ignore_above": 1024, + "type": "keyword" + }, + "transport": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/observer.json b/experimental/generated/elasticsearch/component/observer.json new file mode 100644 index 000000000..3e58dabf8 --- /dev/null +++ b/experimental/generated/elasticsearch/component/observer.json 
@@ -0,0 +1,197 @@ +{ + "template": { + "mappings": { + "properties": { + "observer": { + "properties": { + "egress": { + "properties": { + "interface": { + "properties": { + "alias": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "zone": { + "ignore_above": 1024, + "type": "keyword" + } + }, + "type": "object" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "wildcard" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "ingress": { + "properties": { + "interface": { + "properties": { + "alias": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "zone": { + "ignore_above": 1024, + "type": "keyword" + } + }, + "type": "object" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + 
"norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "vendor": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/organization.json b/experimental/generated/elasticsearch/component/organization.json new file mode 100644 index 000000000..32cf3ab4f --- /dev/null +++ b/experimental/generated/elasticsearch/component/organization.json @@ -0,0 +1,25 @@ +{ + "template": { + "mappings": { + "properties": { + "organization": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/os.json b/experimental/generated/elasticsearch/component/os.json new file mode 100644 index 000000000..db3eca753 --- /dev/null +++ b/experimental/generated/elasticsearch/component/os.json 
@@ -0,0 +1,50 @@ +{ + "template": { + "mappings": { + "properties": { + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/package.json b/experimental/generated/elasticsearch/component/package.json new file mode 100644 index 000000000..bc7324b6b --- /dev/null +++ b/experimental/generated/elasticsearch/component/package.json @@ -0,0 +1,62 @@ +{ + "template": { + "mappings": { + "properties": { + "package": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "build_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "checksum": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "install_scope": { + "ignore_above": 1024, + "type": "keyword" + }, + "installed": { + "type": "date" + }, + "license": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "size": { + "type": "long" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file 
diff --git a/experimental/generated/elasticsearch/component/pe.json b/experimental/generated/elasticsearch/component/pe.json new file mode 100644 index 000000000..b5ca655c9 --- /dev/null +++ b/experimental/generated/elasticsearch/component/pe.json @@ -0,0 +1,39 @@ +{ + "template": { + "mappings": { + "properties": { + "pe": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "imphash": { + "ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "type": "wildcard" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/process.json b/experimental/generated/elasticsearch/component/process.json new file mode 100644 index 000000000..d87851392 --- /dev/null +++ b/experimental/generated/elasticsearch/component/process.json 
@@ -0,0 +1,328 @@ +{ + "template": { + "mappings": { + "properties": { + "process": { + "properties": { + "args": { + "ignore_above": 1024, + "type": "keyword" + }, + "args_count": { + "type": "long" + }, + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "command_line": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "executable": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "exit_code": { + "type": "long" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "parent": { + "properties": { + "args": { + "ignore_above": 1024, + "type": "keyword" + }, + "args_count": { + "type": "long" + }, + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "command_line": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "executable": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "exit_code": { + "type": "long" + }, + 
"hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "pe": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "imphash": { + "ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "type": "wildcard" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "pgid": { + "type": "long" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "start": { + "type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "type": "wildcard" + } + } + }, + "title": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "uptime": { + "type": "long" + }, + "working_directory": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + } + } + }, + "pe": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "imphash": { + "ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "type": "wildcard" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "pgid": { + "type": "long" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "start": { + 
"type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "type": "wildcard" + } + } + }, + "title": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "uptime": { + "type": "long" + }, + "working_directory": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/registry.json b/experimental/generated/elasticsearch/component/registry.json new file mode 100644 index 000000000..315490a95 --- /dev/null +++ b/experimental/generated/elasticsearch/component/registry.json @@ -0,0 +1,41 @@ +{ + "template": { + "mappings": { + "properties": { + "registry": { + "properties": { + "data": { + "properties": { + "bytes": { + "ignore_above": 1024, + "type": "keyword" + }, + "strings": { + "type": "wildcard" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hive": { + "ignore_above": 1024, + "type": "keyword" + }, + "key": { + "type": "wildcard" + }, + "path": { + "type": "wildcard" + }, + "value": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/related.json b/experimental/generated/elasticsearch/component/related.json new file mode 100644 index 000000000..0d5227f3c --- /dev/null +++ b/experimental/generated/elasticsearch/component/related.json @@ -0,0 +1,27 @@ +{ + "template": { + "mappings": { + "properties": { + "related": { + "properties": { + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "hosts": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file 
diff --git a/experimental/generated/elasticsearch/component/rule.json b/experimental/generated/elasticsearch/component/rule.json new file mode 100644 index 000000000..43de55f11 --- /dev/null +++ b/experimental/generated/elasticsearch/component/rule.json @@ -0,0 +1,52 @@ +{ + "template": { + "mappings": { + "properties": { + "rule": { + "properties": { + "author": { + "ignore_above": 1024, + "type": "keyword" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "license": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "ruleset": { + "ignore_above": 1024, + "type": "keyword" + }, + "uuid": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/server.json b/experimental/generated/elasticsearch/component/server.json new file mode 100644 index 000000000..fcdbaaa7a --- /dev/null +++ b/experimental/generated/elasticsearch/component/server.json 
@@ -0,0 +1,167 @@ +{ + "template": { + "mappings": { + "properties": { + "server": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "type": "wildcard" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "wildcard" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "type": "wildcard" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "type": "wildcard" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/service.json b/experimental/generated/elasticsearch/component/service.json new file mode 100644 index 000000000..c36de8112 --- /dev/null +++ b/experimental/generated/elasticsearch/component/service.json @@ -0,0 +1,44 @@ +{ + "template": { + "mappings": { + "properties": { + "service": { + "properties": { + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "node": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "state": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/source.json b/experimental/generated/elasticsearch/component/source.json new file mode 100644 index 000000000..9fb01d365 --- /dev/null +++ b/experimental/generated/elasticsearch/component/source.json 
@@ -0,0 +1,167 @@ +{ + "template": { + "mappings": { + "properties": { + "source": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "type": "wildcard" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "wildcard" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "type": "wildcard" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "type": "wildcard" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/threat.json b/experimental/generated/elasticsearch/component/threat.json new file mode 100644 index 000000000..6d7662b03 --- /dev/null +++ b/experimental/generated/elasticsearch/component/threat.json @@ -0,0 +1,76 @@ +{ + "template": { + "mappings": { + "properties": { + "threat": { + "properties": { + "framework": { + "ignore_above": 1024, + "type": "keyword" + }, + "tactic": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "technique": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "subtechnique": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/tls.json b/experimental/generated/elasticsearch/component/tls.json new file mode 100644 index 000000000..b4d7d730d --- /dev/null +++ b/experimental/generated/elasticsearch/component/tls.json 
@@ -0,0 +1,342 @@ +{ + "template": { + "mappings": { + "properties": { + "tls": { + "properties": { + "cipher": { + "ignore_above": 1024, + "type": "keyword" + }, + "client": { + "properties": { + "certificate": { + "ignore_above": 1024, + "type": "keyword" + }, + "certificate_chain": { + "ignore_above": 1024, + "type": "keyword" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "issuer": { + "type": "wildcard" + }, + "ja3": { + "ignore_above": 1024, + "type": "keyword" + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "server_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject": { + "type": "wildcard" + }, + "supported_ciphers": { + "ignore_above": 1024, + "type": "keyword" + }, + "x509": { + "properties": { + "alternative_names": { + "ignore_above": 1024, + "type": "keyword" + }, + "issuer": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "type": "wildcard" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_curve": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_exponent": { + "doc_values": false, + "index": false, + "type": "long" + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "signature_algorithm": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "subject": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "type": "wildcard" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version_number": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "curve": { + "ignore_above": 1024, + "type": "keyword" + }, + "established": { + "type": "boolean" + }, + "next_protocol": { + "ignore_above": 1024, + "type": "keyword" + }, + "resumed": { + "type": "boolean" + }, + "server": { + "properties": { + "certificate": { + "ignore_above": 1024, + "type": "keyword" + }, + "certificate_chain": { + "ignore_above": 1024, + "type": "keyword" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "issuer": { + "type": "wildcard" + }, + "ja3s": { + "ignore_above": 1024, + "type": "keyword" + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "subject": { + "type": "wildcard" + }, + "x509": { + "properties": { + "alternative_names": { + "ignore_above": 1024, + "type": "keyword" + }, + "issuer": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "type": "wildcard" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": 
"keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_curve": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_exponent": { + "doc_values": false, + "index": false, + "type": "long" + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "signature_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "type": "wildcard" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version_number": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "version_protocol": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/tracing.json b/experimental/generated/elasticsearch/component/tracing.json new file mode 100644 index 000000000..9d9555d9f --- /dev/null +++ b/experimental/generated/elasticsearch/component/tracing.json 
@@ -0,0 +1,32 @@ +{ + "template": { + "mappings": { + "properties": { + "span": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "trace": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "transaction": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/url.json b/experimental/generated/elasticsearch/component/url.json new file mode 100644 index 000000000..567c86f3e --- /dev/null +++ b/experimental/generated/elasticsearch/component/url.json @@ -0,0 +1,74 @@ +{ + "template": { + "mappings": { + "properties": { + "url": { + "properties": { + "domain": { + "type": "wildcard" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "fragment": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "original": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "password": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "type": "wildcard" + }, + "port": { + "type": "long" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + }, + "registered_domain": { + "type": "wildcard" + }, + "scheme": { + "ignore_above": 1024, + "type": "keyword" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "username": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/user.json b/experimental/generated/elasticsearch/component/user.json new file mode 100644 index 000000000..ff5bbdac7 --- /dev/null +++ b/experimental/generated/elasticsearch/component/user.json 
@@ -0,0 +1,236 @@ +{ + "template": { + "mappings": { + "properties": { + "user": { + "properties": { + "changes": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "type": "wildcard" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "effective": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "type": "wildcard" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "email": { + "type": "wildcard" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": 
"keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + }, + "target": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "type": "wildcard" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/user_agent.json b/experimental/generated/elasticsearch/component/user_agent.json new file mode 100644 index 000000000..85613440b --- /dev/null +++ b/experimental/generated/elasticsearch/component/user_agent.json 
@@ -0,0 +1,79 @@ +{ + "template": { + "mappings": { + "properties": { + "user_agent": { + "properties": { + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "type": "wildcard" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/vlan.json b/experimental/generated/elasticsearch/component/vlan.json new file mode 100644 index 000000000..3cddf5221 --- /dev/null +++ b/experimental/generated/elasticsearch/component/vlan.json @@ -0,0 +1,20 @@ +{ + "template": { + "mappings": { + "properties": { + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/vulnerability.json b/experimental/generated/elasticsearch/component/vulnerability.json new file mode 100644 index 000000000..a4e37d4b7 --- /dev/null +++ b/experimental/generated/elasticsearch/component/vulnerability.json 
@@ -0,0 +1,75 @@ +{ + "template": { + "mappings": { + "properties": { + "vulnerability": { + "properties": { + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "classification": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "enumeration": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "report_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "scanner": { + "properties": { + "vendor": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "score": { + "properties": { + "base": { + "type": "float" + }, + "environmental": { + "type": "float" + }, + "temporal": { + "type": "float" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "severity": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/x509.json b/experimental/generated/elasticsearch/component/x509.json new file mode 100644 index 000000000..d6ea1c8df --- /dev/null +++ b/experimental/generated/elasticsearch/component/x509.json 
@@ -0,0 +1,112 @@ +{ + "template": { + "mappings": { + "properties": { + "x509": { + "properties": { + "alternative_names": { + "ignore_above": 1024, + "type": "keyword" + }, + "issuer": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "type": "wildcard" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_curve": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_exponent": { + "doc_values": false, + "index": false, + "type": "long" + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "signature_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "type": "wildcard" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version_number": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/agent.json b/generated/elasticsearch/component/agent.json new file mode 100644 index 000000000..78158bbe9 --- /dev/null 
+++ b/generated/elasticsearch/component/agent.json @@ -0,0 +1,40 @@ +{ + "template": { + "mappings": { + "properties": { + "agent": { + "properties": { + "build": { + "properties": { + "original": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/as.json b/generated/elasticsearch/component/as.json new file mode 100644 index 000000000..1f8f48b72 --- /dev/null +++ b/generated/elasticsearch/component/as.json @@ -0,0 +1,29 @@ +{ + "template": { + "mappings": { + "properties": { + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/base.json b/generated/elasticsearch/component/base.json new file mode 100644 index 000000000..d1818f4fa --- /dev/null +++ b/generated/elasticsearch/component/base.json @@ -0,0 +1,22 @@ +{ + "template": { + "mappings": { + "properties": { + "@timestamp": { + "type": "date" + }, + "labels": { + "type": "object" + }, + "message": { + "norms": false, + "type": "text" + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/client.json b/generated/elasticsearch/component/client.json new file mode 100644 index 000000000..75edcb94a --- /dev/null +++ b/generated/elasticsearch/component/client.json 
@@ -0,0 +1,174 @@ +{ + "template": { + "mappings": { + "properties": { + "client": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + 
"name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/cloud.json b/generated/elasticsearch/component/cloud.json new file mode 100644 index 000000000..feb7e24db --- /dev/null +++ b/generated/elasticsearch/component/cloud.json @@ -0,0 +1,68 @@ +{ + "template": { + "mappings": { + "properties": { + "cloud": { + "properties": { + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/code_signature.json b/generated/elasticsearch/component/code_signature.json new file mode 100644 index 000000000..66c183f3f --- /dev/null +++ b/generated/elasticsearch/component/code_signature.json 
@@ -0,0 +1,29 @@ +{ + "template": { + "mappings": { + "properties": { + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/container.json b/generated/elasticsearch/component/container.json new file mode 100644 index 000000000..c9db58055 --- /dev/null +++ b/generated/elasticsearch/component/container.json @@ -0,0 +1,39 @@ +{ + "template": { + "mappings": { + "properties": { + "container": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "tag": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "labels": { + "type": "object" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "runtime": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/destination.json b/generated/elasticsearch/component/destination.json new file mode 100644 index 000000000..31237474f --- /dev/null +++ b/generated/elasticsearch/component/destination.json 
@@ -0,0 +1,174 @@ +{ + "template": { + "mappings": { + "properties": { + "destination": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + 
"name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/dll.json b/generated/elasticsearch/component/dll.json new file mode 100644 index 000000000..9bbc77114 --- /dev/null +++ b/generated/elasticsearch/component/dll.json 
@@ -0,0 +1,93 @@ +{ + "template": { + "mappings": { + "properties": { + "dll": { + "properties": { + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "pe": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "imphash": { + "ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/dns.json b/generated/elasticsearch/component/dns.json new file mode 100644 index 000000000..1814577b1 --- /dev/null +++ b/generated/elasticsearch/component/dns.json 
@@ -0,0 +1,87 @@ +{ + "template": { + "mappings": { + "properties": { + "dns": { + "properties": { + "answers": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "data": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "ttl": { + "type": "long" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + }, + "type": "object" + }, + "header_flags": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "op_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "question": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "resolved_ip": { + "type": "ip" + }, + "response_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/ecs.json b/generated/elasticsearch/component/ecs.json new file mode 100644 index 000000000..df4b5d56e --- /dev/null +++ b/generated/elasticsearch/component/ecs.json @@ -0,0 +1,16 @@ +{ + "template": { + "mappings": { + "properties": { + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/error.json b/generated/elasticsearch/component/error.json new file mode 100644 index 000000000..0f2b5e12f --- /dev/null +++ b/generated/elasticsearch/component/error.json 
@@ -0,0 +1,40 @@ +{ + "template": { + "mappings": { + "properties": { + "error": { + "properties": { + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "norms": false, + "type": "text" + }, + "stack_trace": { + "doc_values": false, + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "index": false, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/event.json b/generated/elasticsearch/component/event.json new file mode 100644 index 000000000..a8a6eb1f5 --- /dev/null +++ b/generated/elasticsearch/component/event.json 
@@ -0,0 +1,105 @@ +{ + "template": { + "mappings": { + "properties": { + "event": { + "properties": { + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "created": { + "type": "date" + }, + "dataset": { + "ignore_above": 1024, + "type": "keyword" + }, + "duration": { + "type": "long" + }, + "end": { + "type": "date" + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "ingested": { + "type": "date" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "doc_values": false, + "ignore_above": 1024, + "index": false, + "type": "keyword" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword" + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "reason": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "risk_score": { + "type": "float" + }, + "risk_score_norm": { + "type": "float" + }, + "sequence": { + "type": "long" + }, + "severity": { + "type": "long" + }, + "start": { + "type": "date" + }, + "timezone": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "url": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/file.json b/generated/elasticsearch/component/file.json new file mode 100644 index 000000000..ca5a80a6c --- /dev/null +++ b/generated/elasticsearch/component/file.json 
@@ -0,0 +1,282 @@ +{ + "template": { + "mappings": { + "properties": { + "file": { + "properties": { + "accessed": { + "type": "date" + }, + "attributes": { + "ignore_above": 1024, + "type": "keyword" + }, + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "created": { + "type": "date" + }, + "ctime": { + "type": "date" + }, + "device": { + "ignore_above": 1024, + "type": "keyword" + }, + "directory": { + "ignore_above": 1024, + "type": "keyword" + }, + "drive_letter": { + "ignore_above": 1, + "type": "keyword" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "ignore_above": 1024, + "type": "keyword" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "inode": { + "ignore_above": 1024, + "type": "keyword" + }, + "mime_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mode": { + "ignore_above": 1024, + "type": "keyword" + }, + "mtime": { + "type": "date" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "owner": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "pe": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + 
"type": "keyword" + }, + "imphash": { + "ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "size": { + "type": "long" + }, + "target_path": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "ignore_above": 1024, + "type": "keyword" + }, + "x509": { + "properties": { + "alternative_names": { + "ignore_above": 1024, + "type": "keyword" + }, + "issuer": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_curve": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_exponent": { + "doc_values": false, + "index": false, + "type": "long" + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "signature_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version_number": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/geo.json b/generated/elasticsearch/component/geo.json new file mode 100644 index 000000000..55cdb3be3 --- /dev/null +++ b/generated/elasticsearch/component/geo.json @@ -0,0 +1,43 @@ +{ + "template": { + "mappings": { + "properties": { + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/group.json b/generated/elasticsearch/component/group.json new file mode 100644 index 000000000..7500ad89c --- /dev/null +++ b/generated/elasticsearch/component/group.json @@ -0,0 +1,24 @@ +{ + "template": { + "mappings": { + "properties": { + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/hash.json b/generated/elasticsearch/component/hash.json new file mode 100644 index 000000000..d7776dcf1 --- /dev/null +++ b/generated/elasticsearch/component/hash.json 
@@ -0,0 +1,28 @@ +{ + "template": { + "mappings": { + "properties": { + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/host.json b/generated/elasticsearch/component/host.json new file mode 100644 index 000000000..de7d5d653 --- /dev/null +++ b/generated/elasticsearch/component/host.json 
@@ -0,0 +1,185 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "uptime": { + "type": "long" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + 
"type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/http.json b/generated/elasticsearch/component/http.json new file mode 100644 index 000000000..5a52dd9e9 --- /dev/null +++ b/generated/elasticsearch/component/http.json @@ -0,0 +1,83 @@ +{ + "template": { + "mappings": { + "properties": { + "http": { + "properties": { + "request": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "bytes": { + "type": "long" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + }, + "mime_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "referrer": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "bytes": { + "type": "long" + }, + "mime_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "status_code": { + "type": "long" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file 
diff --git a/generated/elasticsearch/component/interface.json b/generated/elasticsearch/component/interface.json new file mode 100644 index 000000000..67b95e8dc --- /dev/null +++ b/generated/elasticsearch/component/interface.json @@ -0,0 +1,24 @@ +{ + "template": { + "mappings": { + "properties": { + "interface": { + "properties": { + "alias": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/log.json b/generated/elasticsearch/component/log.json new file mode 100644 index 000000000..fe0261dc1 --- /dev/null +++ b/generated/elasticsearch/component/log.json @@ -0,0 +1,83 @@ +{ + "template": { + "mappings": { + "properties": { + "log": { + "properties": { + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "logger": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin": { + "properties": { + "file": { + "properties": { + "line": { + "type": "integer" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "function": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "original": { + "doc_values": false, + "ignore_above": 1024, + "index": false, + "type": "keyword" + }, + "syslog": { + "properties": { + "facility": { + "properties": { + "code": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "priority": { + "type": "long" + }, + "severity": { + "properties": { + "code": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + }, + "type": "object" + } + } + } + } + } + } +} \ No newline at end of file 
diff --git a/generated/elasticsearch/component/network.json b/generated/elasticsearch/component/network.json new file mode 100644 index 000000000..74a7b796e --- /dev/null +++ b/generated/elasticsearch/component/network.json @@ -0,0 +1,82 @@ +{ + "template": { + "mappings": { + "properties": { + "network": { + "properties": { + "application": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "community_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "direction": { + "ignore_above": 1024, + "type": "keyword" + }, + "forwarded_ip": { + "type": "ip" + }, + "iana_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "inner": { + "properties": { + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + }, + "type": "object" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "protocol": { + "ignore_above": 1024, + "type": "keyword" + }, + "transport": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/observer.json b/generated/elasticsearch/component/observer.json new file mode 100644 index 000000000..8c5b98955 --- /dev/null +++ b/generated/elasticsearch/component/observer.json 
@@ -0,0 +1,200 @@ +{ + "template": { + "mappings": { + "properties": { + "observer": { + "properties": { + "egress": { + "properties": { + "interface": { + "properties": { + "alias": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "zone": { + "ignore_above": 1024, + "type": "keyword" + } + }, + "type": "object" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "ingress": { + "properties": { + "interface": { + "properties": { + "alias": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "zone": { + "ignore_above": 1024, + "type": "keyword" + } + }, + "type": "object" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + 
"fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "vendor": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/organization.json b/generated/elasticsearch/component/organization.json new file mode 100644 index 000000000..befa6f313 --- /dev/null +++ b/generated/elasticsearch/component/organization.json @@ -0,0 +1,26 @@ +{ + "template": { + "mappings": { + "properties": { + "organization": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/os.json b/generated/elasticsearch/component/os.json new file mode 100644 index 000000000..4d23c2613 --- /dev/null +++ b/generated/elasticsearch/component/os.json 
@@ -0,0 +1,52 @@ +{ + "template": { + "mappings": { + "properties": { + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/package.json b/generated/elasticsearch/component/package.json new file mode 100644 index 000000000..bc7324b6b --- /dev/null +++ b/generated/elasticsearch/component/package.json @@ -0,0 +1,62 @@ +{ + "template": { + "mappings": { + "properties": { + "package": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "build_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "checksum": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "install_scope": { + "ignore_above": 1024, + "type": "keyword" + }, + "installed": { + "type": "date" + }, + "license": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "size": { + "type": "long" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file 
diff --git a/generated/elasticsearch/component/pe.json b/generated/elasticsearch/component/pe.json new file mode 100644 index 000000000..bbdae948d --- /dev/null +++ b/generated/elasticsearch/component/pe.json @@ -0,0 +1,40 @@ +{ + "template": { + "mappings": { + "properties": { + "pe": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "imphash": { + "ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/process.json b/generated/elasticsearch/component/process.json new file mode 100644 index 000000000..91b462048 --- /dev/null +++ b/generated/elasticsearch/component/process.json 
@@ -0,0 +1,342 @@ +{ + "template": { + "mappings": { + "properties": { + "process": { + "properties": { + "args": { + "ignore_above": 1024, + "type": "keyword" + }, + "args_count": { + "type": "long" + }, + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "command_line": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "executable": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "exit_code": { + "type": "long" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "parent": { + "properties": { + "args": { + "ignore_above": 1024, + "type": "keyword" + }, + "args_count": { + "type": "long" + }, + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "command_line": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "executable": { + "fields": { + "text": { + "norms": false, + 
"type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "exit_code": { + "type": "long" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "pe": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "imphash": { + "ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "pgid": { + "type": "long" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "start": { + "type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "title": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "uptime": { + "type": "long" + }, + "working_directory": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "pe": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "imphash": { + "ignore_above": 1024, + "type": "keyword" + }, + 
"original_file_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "pgid": { + "type": "long" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "start": { + "type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "title": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "uptime": { + "type": "long" + }, + "working_directory": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/registry.json b/generated/elasticsearch/component/registry.json new file mode 100644 index 000000000..fd43b911a --- /dev/null +++ b/generated/elasticsearch/component/registry.json @@ -0,0 +1,44 @@ +{ + "template": { + "mappings": { + "properties": { + "registry": { + "properties": { + "data": { + "properties": { + "bytes": { + "ignore_above": 1024, + "type": "keyword" + }, + "strings": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hive": { + "ignore_above": 1024, + "type": "keyword" + }, + "key": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "value": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/related.json b/generated/elasticsearch/component/related.json new file mode 100644 index 000000000..0d5227f3c --- /dev/null +++ b/generated/elasticsearch/component/related.json 
@@ -0,0 +1,27 @@ +{ + "template": { + "mappings": { + "properties": { + "related": { + "properties": { + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "hosts": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/rule.json b/generated/elasticsearch/component/rule.json new file mode 100644 index 000000000..43de55f11 --- /dev/null +++ b/generated/elasticsearch/component/rule.json @@ -0,0 +1,52 @@ +{ + "template": { + "mappings": { + "properties": { + "rule": { + "properties": { + "author": { + "ignore_above": 1024, + "type": "keyword" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "license": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "ruleset": { + "ignore_above": 1024, + "type": "keyword" + }, + "uuid": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/server.json b/generated/elasticsearch/component/server.json new file mode 100644 index 000000000..9e4c219fd --- /dev/null +++ b/generated/elasticsearch/component/server.json 
@@ -0,0 +1,174 @@ +{ + "template": { + "mappings": { + "properties": { + "server": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + 
"name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/service.json b/generated/elasticsearch/component/service.json new file mode 100644 index 000000000..c36de8112 --- /dev/null +++ b/generated/elasticsearch/component/service.json @@ -0,0 +1,44 @@ +{ + "template": { + "mappings": { + "properties": { + "service": { + "properties": { + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "node": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "state": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/source.json b/generated/elasticsearch/component/source.json new file mode 100644 index 000000000..9193ba6fd --- /dev/null +++ b/generated/elasticsearch/component/source.json 
@@ -0,0 +1,174 @@ +{ + "template": { + "mappings": { + "properties": { + "source": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + 
"name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/threat.json b/generated/elasticsearch/component/threat.json new file mode 100644 index 000000000..6d7662b03 --- /dev/null +++ b/generated/elasticsearch/component/threat.json @@ -0,0 +1,76 @@ +{ + "template": { + "mappings": { + "properties": { + "threat": { + "properties": { + "framework": { + "ignore_above": 1024, + "type": "keyword" + }, + "tactic": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "technique": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "subtechnique": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/tls.json b/generated/elasticsearch/component/tls.json new file mode 100644 index 000000000..255ea45e1 --- /dev/null +++ b/generated/elasticsearch/component/tls.json 
@@ -0,0 +1,350 @@ +{ + "template": { + "mappings": { + "properties": { + "tls": { + "properties": { + "cipher": { + "ignore_above": 1024, + "type": "keyword" + }, + "client": { + "properties": { + "certificate": { + "ignore_above": 1024, + "type": "keyword" + }, + "certificate_chain": { + "ignore_above": 1024, + "type": "keyword" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "issuer": { + "ignore_above": 1024, + "type": "keyword" + }, + "ja3": { + "ignore_above": 1024, + "type": "keyword" + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "server_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject": { + "ignore_above": 1024, + "type": "keyword" + }, + "supported_ciphers": { + "ignore_above": 1024, + "type": "keyword" + }, + "x509": { + "properties": { + "alternative_names": { + "ignore_above": 1024, + "type": "keyword" + }, + "issuer": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_curve": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_exponent": { + "doc_values": false, + "index": false, + "type": "long" + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "signature_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version_number": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "curve": { + "ignore_above": 1024, + "type": "keyword" + }, + "established": { + "type": "boolean" + }, + "next_protocol": { + "ignore_above": 1024, + "type": "keyword" + }, + "resumed": { + "type": "boolean" + }, + "server": { + "properties": { + "certificate": { + "ignore_above": 1024, + "type": "keyword" + }, + "certificate_chain": { + "ignore_above": 1024, + "type": "keyword" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "issuer": { + "ignore_above": 1024, + "type": "keyword" + }, + "ja3s": { + "ignore_above": 1024, + "type": "keyword" + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "subject": { + "ignore_above": 1024, + "type": "keyword" + }, + "x509": { + "properties": { + "alternative_names": { + "ignore_above": 1024, + "type": "keyword" + }, + "issuer": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "locality": { + "ignore_above": 
1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_curve": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_exponent": { + "doc_values": false, + "index": false, + "type": "long" + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "signature_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version_number": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "version_protocol": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/tracing.json b/generated/elasticsearch/component/tracing.json new file mode 100644 index 000000000..9d9555d9f --- /dev/null +++ b/generated/elasticsearch/component/tracing.json 
@@ -0,0 +1,32 @@ +{ + "template": { + "mappings": { + "properties": { + "span": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "trace": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "transaction": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/url.json b/generated/elasticsearch/component/url.json new file mode 100644 index 000000000..e4dfeaf5b --- /dev/null +++ b/generated/elasticsearch/component/url.json @@ -0,0 +1,79 @@ +{ + "template": { + "mappings": { + "properties": { + "url": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "fragment": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "password": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "scheme": { + "ignore_above": 1024, + "type": "keyword" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "username": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/user.json b/generated/elasticsearch/component/user.json new file mode 100644 index 000000000..60d82d698 --- /dev/null 
+++ b/generated/elasticsearch/component/user.json @@ -0,0 +1,68 @@ +{ + "template": { + "mappings": { + "properties": { + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/user_agent.json b/generated/elasticsearch/component/user_agent.json new file mode 100644 index 000000000..2a9f1e830 --- /dev/null +++ b/generated/elasticsearch/component/user_agent.json 
@@ -0,0 +1,82 @@ +{ + "template": { + "mappings": { + "properties": { + "user_agent": { + "properties": { + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/vlan.json b/generated/elasticsearch/component/vlan.json new file mode 100644 index 000000000..3cddf5221 --- /dev/null +++ b/generated/elasticsearch/component/vlan.json @@ -0,0 +1,20 @@ +{ + "template": { + "mappings": { + "properties": { + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/vulnerability.json b/generated/elasticsearch/component/vulnerability.json new file mode 100644 index 000000000..a4e37d4b7 --- /dev/null +++ b/generated/elasticsearch/component/vulnerability.json 
@@ -0,0 +1,75 @@ +{ + "template": { + "mappings": { + "properties": { + "vulnerability": { + "properties": { + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "classification": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "enumeration": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "report_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "scanner": { + "properties": { + "vendor": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "score": { + "properties": { + "base": { + "type": "float" + }, + "environmental": { + "type": "float" + }, + "temporal": { + "type": "float" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "severity": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/generated/elasticsearch/component/x509.json b/generated/elasticsearch/component/x509.json new file mode 100644 index 000000000..874b47ffe --- /dev/null +++ b/generated/elasticsearch/component/x509.json 
@@ -0,0 +1,114 @@ +{ + "template": { + "mappings": { + "properties": { + "x509": { + "properties": { + "alternative_names": { + "ignore_above": 1024, + "type": "keyword" + }, + "issuer": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_curve": { + "ignore_above": 1024, + "type": "keyword" + }, + "public_key_exponent": { + "doc_values": false, + "index": false, + "type": "long" + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "signature_algorithm": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country": { + "ignore_above": 1024, + "type": "keyword" + }, + "distinguished_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "locality": { + "ignore_above": 1024, + "type": "keyword" + }, + "organization": { + "ignore_above": 1024, + "type": "keyword" + }, + "organizational_unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_or_province": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version_number": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/scripts/generator.py b/scripts/generator.py index 4e9e4181b..47f94c4a8 100644 --- a/scripts/generator.py 
+++ b/scripts/generator.py @@ -56,7 +56,8 @@ def main(): exit() csv_generator.generate(flat, ecs_version, out_dir) - es_template.generate(flat, ecs_version, out_dir, args.template_settings, args.mapping_settings) + es_template.generate(nested, ecs_version, out_dir, args.template_settings, args.mapping_settings) + es_template.generate_legacy(flat, ecs_version, out_dir, args.template_settings, args.mapping_settings) beats.generate(nested, ecs_version, out_dir) if args.include or args.subset: exit() diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index 724e92564..4bf8ddb47 100644 --- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py 
@@ -7,12 +7,43 @@ from generators import ecs_helpers -def generate(ecs_flat, ecs_version, out_dir, template_settings_file, mapping_settings_file): +### Composable Template + +def generate(ecs_nested, ecs_version, out_dir, template_settings_file, mapping_settings_file): + all_component_templates(ecs_nested, ecs_version, out_dir) + +# Main template + +# Component templates + +def all_component_templates(ecs_nested, ecs_version, out_dir): + component_dir = join(out_dir, 'elasticsearch/component') + ecs_helpers.make_dirs(component_dir) + + for (fieldset_name, fieldset) in ecs_nested.items(): + field_mappings = {} + for (flat_name, field) in fieldset['fields'].items(): + name_parts = flat_name.split('.') + dict_add_nested(field_mappings, name_parts, entry_for(field)) + + component_template(fieldset_name, ecs_version, component_dir, field_mappings) + + +def component_template(template_name, ecs_version, out_dir, field_mappings): + filename = join(out_dir, template_name) + ".json" + + template = { 'template': { 'mappings': { 'properties': field_mappings }}} + save_json(filename, template) + +### Legacy template + + +def generate_legacy(ecs_flat, ecs_version, out_dir, template_settings_file, mapping_settings_file): field_mappings = {} for flat_name in sorted(ecs_flat): field = ecs_flat[flat_name] - nestings = flat_name.split('.') - dict_add_nested(field_mappings, nestings, entry_for(field)) + name_parts = flat_name.split('.') + dict_add_nested(field_mappings, name_parts, entry_for(field)) if mapping_settings_file: with open(mapping_settings_file) as f: 
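Review bot: `component_template` accepts an `ecs_version` argument that its body never reads, so the per-field-set component templates are written with no version stamp at all, while the legacy template produced by `generate_legacy` in this same hunk carries the ECS version. Either drop the parameter or put the version into the artifact, e.g. `template = {'template': {'mappings': {'properties': field_mappings}}, '_meta': {'ecs_version': ecs_version}}` (component templates accept a top-level `_meta` object as far as I recall; confirm against the target Elasticsearch version). `generate` likewise receives `template_settings_file` and `mapping_settings_file` and passes neither on, which reads as work in progress and deserves a `# TODO` so the composable path does not silently ignore `--mapping-settings`. `generate_legacy` continues past the end of the hunk.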
@@ -25,19 +56,19 @@ def generate(ecs_flat, ecs_version, out_dir, template_settings_file, mapping_set generate_template_version(6, mappings_section, out_dir, template_settings_file) generate_template_version(7, mappings_section, out_dir, template_settings_file) -# Field mappings +### Field mappings -def dict_add_nested(dct, nestings, value): - current_nesting = nestings[0] - rest_nestings = nestings[1:] - if len(rest_nestings) > 0: +def dict_add_nested(dct, name_parts, value): + current_nesting = name_parts[0] + rest_name_parts = name_parts[1:] + if len(rest_name_parts) > 0: dct.setdefault(current_nesting, {}) dct[current_nesting].setdefault('properties', {}) dict_add_nested( dct[current_nesting]['properties'], - rest_nestings, + rest_name_parts, value) else: From 9ca0276bc295ec1a9404c3407cd4ff2d584cea24 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 10:22:37 -0500 Subject: [PATCH 04/27] Reorganize the code specific to each approach... And also fix those unacceptable '###' comments :eyeroll: --- scripts/generators/es_template.py | 53 +++++++++++++++++-------------- 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index 4bf8ddb47..d327f0a02 100644 --- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py 
@@ -7,16 +7,19 @@ from generators import ecs_helpers -### Composable Template +# Composable Template def generate(ecs_nested, ecs_version, out_dir, template_settings_file, mapping_settings_file): + """This generates all artifacts for the composable template approach""" all_component_templates(ecs_nested, ecs_version, out_dir) -# Main template -# Component templates +def composable_template(ecs_version, out_dir, template_settings_file, mapping_settings_file): + """Generate the master sample composable template""" + def all_component_templates(ecs_nested, ecs_version, out_dir): + """Generate one component template per field set""" component_dir = join(out_dir, 'elasticsearch/component') ecs_helpers.make_dirs(component_dir) @@ -32,13 +35,14 @@ def all_component_templates(ecs_nested, ecs_version, out_dir): def component_template(template_name, ecs_version, out_dir, field_mappings): filename = join(out_dir, template_name) + ".json" - template = { 'template': { 'mappings': { 'properties': field_mappings }}} + template = {'template': {'mappings': {'properties': field_mappings}}} save_json(filename, template) -### Legacy template +# Legacy template def generate_legacy(ecs_flat, ecs_version, out_dir, template_settings_file, mapping_settings_file): + """Generate the legacy index template""" field_mappings = {} for flat_name in sorted(ecs_flat): field = ecs_flat[flat_name] 
@@ -53,10 +57,27 @@ def generate_legacy(ecs_flat, ecs_version, out_dir, template_settings_file, mapp mappings_section['properties'] = field_mappings - generate_template_version(6, mappings_section, out_dir, template_settings_file) - generate_template_version(7, mappings_section, out_dir, template_settings_file) + generate_legacy_template_version(6, mappings_section, out_dir, template_settings_file) + generate_legacy_template_version(7, mappings_section, out_dir, template_settings_file) + + +def generate_legacy_template_version(elasticsearch_version, mappings_section, out_dir, template_settings_file): + ecs_helpers.make_dirs(join(out_dir, 'elasticsearch', str(elasticsearch_version))) + if template_settings_file: + with open(template_settings_file) as f: + template = json.load(f) + else: + template = default_template_settings() + if elasticsearch_version == 6: + template['mappings'] = {'_doc': mappings_section} + else: + template['mappings'] = mappings_section + + filename = join(out_dir, "elasticsearch/{}/template.json".format(elasticsearch_version)) + save_json(filename, template) + -### Field mappings +# Common helpers def dict_add_nested(dct, name_parts, value): @@ -117,22 +138,6 @@ def entry_for(field): # Generated files -def generate_template_version(elasticsearch_version, mappings_section, out_dir, template_settings_file): - ecs_helpers.make_dirs(join(out_dir, 'elasticsearch', str(elasticsearch_version))) - if template_settings_file: - with open(template_settings_file) as f: - template = json.load(f) - else: - template = default_template_settings() - if elasticsearch_version == 6: - template['mappings'] = {'_doc': mappings_section} - else: - template['mappings'] = mappings_section - - filename = join(out_dir, "elasticsearch/{}/template.json".format(elasticsearch_version)) - save_json(filename, template) - - def save_json(file, data): open_mode = "wb" if sys.version_info >= (3, 0): From 8210eb71f139d0a2477f39254af35a4b090ecacd Mon Sep 17 00:00:00 2001 
From: Mathieu Martin Date: Thu, 26 Nov 2020 10:39:07 -0500 Subject: [PATCH 05/27] Extract mapping_settings and template_settings to reusable functions --- scripts/generators/es_template.py | 52 +++++++++++++++++-------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index d327f0a02..9c5c37e33 100644 --- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py @@ -18,6 +18,7 @@ def composable_template(ecs_version, out_dir, template_settings_file, mapping_se """Generate the master sample composable template""" + def all_component_templates(ecs_nested, ecs_version, out_dir): """Generate one component template per field set""" component_dir = join(out_dir, 'elasticsearch/component') 
@@ -49,31 +50,18 @@ def generate_legacy(ecs_flat, ecs_version, out_dir, template_settings_file, mapp name_parts = flat_name.split('.') dict_add_nested(field_mappings, name_parts, entry_for(field)) - if mapping_settings_file: - with open(mapping_settings_file) as f: - mappings_section = json.load(f) - else: - mappings_section = default_mapping_settings(ecs_version) - + mappings_section = mapping_settings(ecs_version, mapping_settings_file) mappings_section['properties'] = field_mappings generate_legacy_template_version(6, mappings_section, out_dir, template_settings_file) generate_legacy_template_version(7, mappings_section, out_dir, template_settings_file) -def generate_legacy_template_version(elasticsearch_version, mappings_section, out_dir, template_settings_file): - ecs_helpers.make_dirs(join(out_dir, 'elasticsearch', str(elasticsearch_version))) - if template_settings_file: - with open(template_settings_file) as f: - template = json.load(f) - else: - template = default_template_settings() - if elasticsearch_version == 6: - template['mappings'] = {'_doc': mappings_section} - else: - template['mappings'] = mappings_section +def generate_legacy_template_version(es_version, mappings_section, out_dir, template_settings_file): + ecs_helpers.make_dirs(join(out_dir, 'elasticsearch', str(es_version))) + template = template_settings(es_version, mappings_section, template_settings_file) - filename = join(out_dir, "elasticsearch/{}/template.json".format(elasticsearch_version)) + filename = join(out_dir, "elasticsearch/{}/template.json".format(es_version)) save_json(filename, template) 
@@ -135,7 +123,27 @@ def entry_for(field): raise ex return field_entry -# Generated files + +def mapping_settings(ecs_version, mapping_settings_file): + if mapping_settings_file: + with open(mapping_settings_file) as f: + mappings = json.load(f) + else: + mappings = default_mapping_settings(ecs_version) + return mappings + + +def template_settings(es_version, mappings_section, template_settings_file): + if template_settings_file: + with open(template_settings_file) as f: + template = json.load(f) + else: + template = default_template_settings() + if es_version == 6: + template['mappings'] = {'_doc': mappings_section} + else: + template['mappings'] = mappings_section + return template def save_json(file, data): @@ -159,8 +167,7 @@ def default_template_settings(): }, "refresh_interval": "5s" } - }, - "mappings": {} + } } @@ -178,6 +185,5 @@ def default_mapping_settings(ecs_version): "match_mapping_type": "string" } } - ], - "properties": {} + ] } From 871b9c41327e2413413c189d6ca4f4994b8d0497 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 11:23:29 -0500 Subject: [PATCH 06/27] Move the _meta version to the template level. Why did I put this in the mappings o.O? --- .../generated/elasticsearch/7/template.json | 6 ++--- generated/elasticsearch/6/template.json | 6 ++--- generated/elasticsearch/7/template.json | 6 ++--- scripts/generators/es_template.py | 24 +++++++++---------- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/experimental/generated/elasticsearch/7/template.json b/experimental/generated/elasticsearch/7/template.json index 0bfd44d08..acbeab62e 100644 --- a/experimental/generated/elasticsearch/7/template.json +++ b/experimental/generated/elasticsearch/7/template.json @@ -1,11 +1,11 @@ { + "_meta": { + "version": "2.0.0-dev+exp" + }, "index_patterns": [ "try-ecs-*" ], "mappings": { - "_meta": { - "version": "2.0.0-dev+exp" - }, "date_detection": false, "dynamic_templates": [ { 
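Review bot: `template_settings` unconditionally assigns `template['mappings']` after loading a user-supplied `--template-settings` file, so any `mappings` the file contains is silently discarded, and nothing says that the dict returned by `mapping_settings` gets its `properties` replaced by the caller; with the `"mappings": {}` and `"properties": {}` placeholders now removed from the defaults, that contract lives only in the callers. Neither new helper has a docstring; suggest `"""Return the mappings section from mapping_settings_file, or the defaults; the caller replaces its 'properties'."""` on `mapping_settings` and `"""Return the index template from template_settings_file, or the defaults, with 'mappings' replaced by mappings_section (wrapped in '_doc' for ES 6)."""` on `template_settings`. If a user-provided `mappings` key is meant to be an error rather than ignored, a check before the overwrite would make that explicit.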
diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index c80ed9eab..82dda7b78 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -1,12 +1,12 @@ { + "_meta": { + "version": "2.0.0-dev" + }, "index_patterns": [ "try-ecs-*" ], "mappings": { "_doc": { - "_meta": { - "version": "2.0.0-dev" - }, "date_detection": false, "dynamic_templates": [ { diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 2065369a1..d0deb8d94 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json @@ -1,11 +1,11 @@ { + "_meta": { + "version": "2.0.0-dev" + }, "index_patterns": [ "try-ecs-*" ], "mappings": { - "_meta": { - "version": "2.0.0-dev" - }, "date_detection": false, "dynamic_templates": [ { diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index 9c5c37e33..64c994b0f 100644 --- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py 
@@ -50,16 +50,16 @@ def generate_legacy(ecs_flat, ecs_version, out_dir, template_settings_file, mapp name_parts = flat_name.split('.') dict_add_nested(field_mappings, name_parts, entry_for(field)) - mappings_section = mapping_settings(ecs_version, mapping_settings_file) + mappings_section = mapping_settings(mapping_settings_file) mappings_section['properties'] = field_mappings - generate_legacy_template_version(6, mappings_section, out_dir, template_settings_file) - generate_legacy_template_version(7, mappings_section, out_dir, template_settings_file) + generate_legacy_template_version(6, ecs_version, mappings_section, out_dir, template_settings_file) + generate_legacy_template_version(7, ecs_version, mappings_section, out_dir, template_settings_file) -def generate_legacy_template_version(es_version, mappings_section, out_dir, template_settings_file): +def generate_legacy_template_version(es_version, ecs_version, mappings_section, out_dir, template_settings_file): ecs_helpers.make_dirs(join(out_dir, 'elasticsearch', str(es_version))) - template = template_settings(es_version, mappings_section, template_settings_file) + template = template_settings(es_version, ecs_version, mappings_section, template_settings_file) filename = join(out_dir, "elasticsearch/{}/template.json".format(es_version)) save_json(filename, template) 
@@ -124,21 +124,21 @@ def entry_for(field): return field_entry -def mapping_settings(ecs_version, mapping_settings_file): +def mapping_settings(mapping_settings_file): if mapping_settings_file: with open(mapping_settings_file) as f: mappings = json.load(f) else: - mappings = default_mapping_settings(ecs_version) + mappings = default_mapping_settings() return mappings -def template_settings(es_version, mappings_section, template_settings_file): +def template_settings(es_version, ecs_version, mappings_section, template_settings_file): if template_settings_file: with open(template_settings_file) as f: template = json.load(f) else: - template = default_template_settings() + template = default_template_settings(ecs_version) if es_version == 6: template['mappings'] = {'_doc': mappings_section} else: @@ -154,9 +154,10 @@ def save_json(file, data): jsonfile.write(json.dumps(data, indent=2, sort_keys=True)) -def default_template_settings(): +def default_template_settings(ecs_version): return { "index_patterns": ["try-ecs-*"], + "_meta": {"version": ecs_version}, "order": 1, "settings": { "index": { @@ -171,9 +172,8 @@ def default_template_settings(): } -def default_mapping_settings(ecs_version): +def default_mapping_settings(): return { - "_meta": {"version": ecs_version}, "date_detection": False, "dynamic_templates": [ { From 2e2c8a9632dbf6dd6256d3bc02b3c438c3d93ca0 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 11:33:22 -0500 Subject: [PATCH 07/27] Generate sample composable template that doesn't pull in anything yet --- generated/elasticsearch/template.json | 34 +++++++++++++++++++++++++++ scripts/generator.py | 2 +- scripts/generators/es_template.py | 27 ++++++++++++++++++--- 3 files changed, 59 insertions(+), 4 deletions(-) create mode 100644 generated/elasticsearch/template.json diff --git a/generated/elasticsearch/template.json b/generated/elasticsearch/template.json new file mode 100644 index 000000000..59169ba75 --- /dev/null 
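Review bot: After this move the ECS version stamp is only emitted by `default_template_settings(ecs_version)`, so when `--template-settings` is given `template_settings` loads the file and writes a legacy template with no `_meta.version` at all; the previous placement in `default_mapping_settings` had the same gap, but `template_settings` now receives `ecs_version` directly, so it is a one-line fix. Suggest stamping it regardless of where the settings came from without clobbering a value the file already provides: `template.setdefault('_meta', {}).setdefault('version', ecs_version)` right after the `if/else` that loads the template. The regenerated `template.json` files in this commit presumably come from the default path, so they do not exercise the custom-file branch.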
+++ b/generated/elasticsearch/template.json @@ -0,0 +1,34 @@ +{ + "_meta": { + "description": "Sample composable template that includes all ECS fields", + "ecs_version": "2.0.0-dev" + }, + "composed_of": [], + "index_patterns": [ + "try-ecs-*" + ], + "mappings": { + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ] + }, + "priority": 1, + "settings": { + "index": { + "mapping": { + "total_fields": { + "limit": 10000 + } + } + } + } +} \ No newline at end of file diff --git a/scripts/generator.py b/scripts/generator.py index 47f94c4a8..b6d55abb8 100644 --- a/scripts/generator.py +++ b/scripts/generator.py @@ -56,7 +56,7 @@ def main(): exit() csv_generator.generate(flat, ecs_version, out_dir) - es_template.generate(nested, ecs_version, out_dir, args.template_settings, args.mapping_settings) + es_template.generate(nested, ecs_version, out_dir, args.mapping_settings) es_template.generate_legacy(flat, ecs_version, out_dir, args.template_settings, args.mapping_settings) beats.generate(nested, ecs_version, out_dir) if args.include or args.subset: diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index 64c994b0f..9763778dc 100644 --- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py 
@@ -9,14 +9,35 @@ # Composable Template -def generate(ecs_nested, ecs_version, out_dir, template_settings_file, mapping_settings_file): +def generate(ecs_nested, ecs_version, out_dir, mapping_settings_file): """This generates all artifacts for the composable template approach""" all_component_templates(ecs_nested, ecs_version, out_dir) + composable_template(ecs_version, out_dir, mapping_settings_file) -def composable_template(ecs_version, out_dir, template_settings_file, mapping_settings_file): +def composable_template(ecs_version, out_dir, mapping_settings_file): """Generate the master sample composable template""" - + template = { + "index_patterns": ["try-ecs-*"], + "composed_of": [], + "priority": 1, # Very low, as this is a sample template + "_meta": { + "ecs_version": ecs_version, + "description": "Sample composable template that includes all ECS fields" + }, + "settings": { + "index": { + "mapping": { + "total_fields": { + "limit": 10000 + } + } + } + }, + "mappings": mapping_settings(mapping_settings_file) + } + filename = join(out_dir, "elasticsearch/template.json") + save_json(filename, template) def all_component_templates(ecs_nested, ecs_version, out_dir): From cd5de713b11714938ffdfb1ea821e8462231fa3a Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 13:06:37 -0500 Subject: [PATCH 08/27] Fill in the component names the sample template is composed of --- generated/elasticsearch/template.json | 46 ++++++++++++++++++++++++++- scripts/generators/es_template.py | 15 +++++++-- 2 files changed, 57 insertions(+), 4 deletions(-) diff --git a/generated/elasticsearch/template.json b/generated/elasticsearch/template.json index 59169ba75..0c9f97759 100644 --- a/generated/elasticsearch/template.json +++ b/generated/elasticsearch/template.json 
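Review bot: `composable_template` hard-codes `index_patterns`, `priority` and `settings` and takes no `template_settings_file`, and the companion `generator.py` hunk in this commit drops `args.template_settings` from the `generate` call, so `--template-settings` now silently applies only to the legacy template. If that is intended, state it in the docstring, e.g. `"""Generate the master sample composable template. --template-settings is not applied here; only --mapping-settings is."""`; otherwise the file should be threaded through as `generate_legacy` does. A smaller inconsistency: this template stores the version under `_meta.ecs_version` while `default_template_settings` in the same file stores it under `_meta.version`, so tooling that reads one key will miss the other.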
@@ -3,7 +3,51 @@ "description": "Sample composable template that includes all ECS fields", "ecs_version": "2.0.0-dev" }, - "composed_of": [], + "composed_of": [ + "ecs_2.0.0-dev_agent", + "ecs_2.0.0-dev_as", + "ecs_2.0.0-dev_base", + "ecs_2.0.0-dev_client", + "ecs_2.0.0-dev_cloud", + "ecs_2.0.0-dev_code_signature", + "ecs_2.0.0-dev_container", + "ecs_2.0.0-dev_destination", + "ecs_2.0.0-dev_dll", + "ecs_2.0.0-dev_dns", + "ecs_2.0.0-dev_ecs", + "ecs_2.0.0-dev_error", + "ecs_2.0.0-dev_event", + "ecs_2.0.0-dev_file", + "ecs_2.0.0-dev_geo", + "ecs_2.0.0-dev_group", + "ecs_2.0.0-dev_hash", + "ecs_2.0.0-dev_host", + "ecs_2.0.0-dev_http", + "ecs_2.0.0-dev_interface", + "ecs_2.0.0-dev_log", + "ecs_2.0.0-dev_network", + "ecs_2.0.0-dev_observer", + "ecs_2.0.0-dev_organization", + "ecs_2.0.0-dev_os", + "ecs_2.0.0-dev_package", + "ecs_2.0.0-dev_pe", + "ecs_2.0.0-dev_process", + "ecs_2.0.0-dev_registry", + "ecs_2.0.0-dev_related", + "ecs_2.0.0-dev_rule", + "ecs_2.0.0-dev_server", + "ecs_2.0.0-dev_service", + "ecs_2.0.0-dev_source", + "ecs_2.0.0-dev_threat", + "ecs_2.0.0-dev_tls", + "ecs_2.0.0-dev_tracing", + "ecs_2.0.0-dev_url", + "ecs_2.0.0-dev_user", + "ecs_2.0.0-dev_user_agent", + "ecs_2.0.0-dev_vlan", + "ecs_2.0.0-dev_vulnerability", + "ecs_2.0.0-dev_x509" + ], "index_patterns": [ "try-ecs-*" ], diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index 9763778dc..17b3d5c5b 100644 --- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py 
@@ -12,14 +12,15 @@ def generate(ecs_nested, ecs_version, out_dir, mapping_settings_file): """This generates all artifacts for the composable template approach""" all_component_templates(ecs_nested, ecs_version, out_dir) - composable_template(ecs_version, out_dir, mapping_settings_file) + component_names = component_name_convention(ecs_version, ecs_nested) + composable_template(ecs_version, component_names, out_dir, mapping_settings_file) -def composable_template(ecs_version, out_dir, mapping_settings_file): +def composable_template(ecs_version, component_names, out_dir, mapping_settings_file): """Generate the master sample composable template""" template = { "index_patterns": ["try-ecs-*"], - "composed_of": [], + "composed_of": component_names, "priority": 1, # Very low, as this is a sample template "_meta": { "ecs_version": ecs_version, @@ -60,6 +61,14 @@ def component_template(template_name, ecs_version, out_dir, field_mappings): template = {'template': {'mappings': {'properties': field_mappings}}} save_json(filename, template) + +def component_name_convention(ecs_version, ecs_nested): + names = [] + for (fieldset_name, fieldset) in ecs_nested.items(): + names.append("ecs_{}_{}".format(ecs_version, fieldset_name)) + return names + + # Legacy template From 5f22b96790ca8fe531605f9d265b26dcc99deaa6 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 13:16:41 -0500 Subject: [PATCH 09/27] Adjust the version for experimental artifacts --- .../generated/elasticsearch/template.json | 78 +++++++++++++++++++ scripts/generators/es_template.py | 3 +- 2 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 experimental/generated/elasticsearch/template.json diff --git a/experimental/generated/elasticsearch/template.json b/experimental/generated/elasticsearch/template.json new file mode 100644 index 000000000..8eae35c44 --- /dev/null +++ b/experimental/generated/elasticsearch/template.json 
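Review bot: `component_name_convention` emits `composed_of` in whatever order `ecs_nested.items()` yields, and the loop variable `fieldset` is unused; since Elasticsearch merges `composed_of` entries in list order (later entries take precedence on conflicts), that order is part of the artifact's meaning and should be reproducible rather than depend on how the loader built the dict. Suggest `return ["ecs_{}_{}".format(ecs_version, name) for name in sorted(ecs_nested)]` as the body. The per-field-set files are still written as `<fieldset>.json` while the sample template references `ecs_<version>_<fieldset>`, so nothing in the output records which name each component must be registered under; a sentence in the `composable_template` docstring would close that gap.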
@@ -0,0 +1,78 @@ +{ + "_meta": { + "description": "Sample composable template that includes all ECS fields", + "ecs_version": "2.0.0-dev+exp" + }, + "composed_of": [ + "ecs_2.0.0-dev-exp_agent", + "ecs_2.0.0-dev-exp_as", + "ecs_2.0.0-dev-exp_base", + "ecs_2.0.0-dev-exp_client", + "ecs_2.0.0-dev-exp_cloud", + "ecs_2.0.0-dev-exp_code_signature", + "ecs_2.0.0-dev-exp_container", + "ecs_2.0.0-dev-exp_destination", + "ecs_2.0.0-dev-exp_dll", + "ecs_2.0.0-dev-exp_dns", + "ecs_2.0.0-dev-exp_ecs", + "ecs_2.0.0-dev-exp_error", + "ecs_2.0.0-dev-exp_event", + "ecs_2.0.0-dev-exp_file", + "ecs_2.0.0-dev-exp_geo", + "ecs_2.0.0-dev-exp_group", + "ecs_2.0.0-dev-exp_hash", + "ecs_2.0.0-dev-exp_host", + "ecs_2.0.0-dev-exp_http", + "ecs_2.0.0-dev-exp_interface", + "ecs_2.0.0-dev-exp_log", + "ecs_2.0.0-dev-exp_network", + "ecs_2.0.0-dev-exp_observer", + "ecs_2.0.0-dev-exp_organization", + "ecs_2.0.0-dev-exp_os", + "ecs_2.0.0-dev-exp_package", + "ecs_2.0.0-dev-exp_pe", + "ecs_2.0.0-dev-exp_process", + "ecs_2.0.0-dev-exp_registry", + "ecs_2.0.0-dev-exp_related", + "ecs_2.0.0-dev-exp_rule", + "ecs_2.0.0-dev-exp_server", + "ecs_2.0.0-dev-exp_service", + "ecs_2.0.0-dev-exp_source", + "ecs_2.0.0-dev-exp_threat", + "ecs_2.0.0-dev-exp_tls", + "ecs_2.0.0-dev-exp_tracing", + "ecs_2.0.0-dev-exp_url", + "ecs_2.0.0-dev-exp_user", + "ecs_2.0.0-dev-exp_user_agent", + "ecs_2.0.0-dev-exp_vlan", + "ecs_2.0.0-dev-exp_vulnerability", + "ecs_2.0.0-dev-exp_x509" + ], + "index_patterns": [ + "try-ecs-*" + ], + "mappings": { + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ] + }, + "priority": 1, + "settings": { + "index": { + "mapping": { + "total_fields": { + "limit": 10000 + } + } + } + } +} \ No newline at end of file diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index 17b3d5c5b..c798e8ede 100644 
--- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py @@ -63,9 +63,10 @@ def component_template(template_name, ecs_version, out_dir, field_mappings): def component_name_convention(ecs_version, ecs_nested): + version = ecs_version.replace('+', '-') names = [] for (fieldset_name, fieldset) in ecs_nested.items(): - names.append("ecs_{}_{}".format(ecs_version, fieldset_name)) + names.append("ecs_{}_{}".format(version, fieldset_name)) return names From 996fad9736750acc43044caef1db81176e655dcf Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 13:18:26 -0500 Subject: [PATCH 10/27] code format --- scripts/generators/es_template.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index c798e8ede..27a3ac452 100644 --- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py @@ -21,7 +21,7 @@ def composable_template(ecs_version, component_names, out_dir, mapping_settings_ template = { "index_patterns": ["try-ecs-*"], "composed_of": component_names, - "priority": 1, # Very low, as this is a sample template + "priority": 1, # Very low, as this is a sample template "_meta": { "ecs_version": ecs_version, "description": "Sample composable template that includes all ECS fields" From e58ad8a6c40ebd09aec75f5e3e411a9ed60b52fc Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 13:41:25 -0500 Subject: [PATCH 11/27] Drop that field limit --- scripts/generators/es_template.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index 27a3ac452..9d6e2defc 100644 --- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py @@ -30,7 +30,7 @@ def composable_template(ecs_version, component_names, out_dir, mapping_settings_ "index": { "mapping": { "total_fields": { - "limit": 10000 + "limit": 2000 } } } 
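Review bot: `version = ecs_version.replace('+', '-')` rewrites the version label without a comment saying why, and only for the component template names: `composable_template` still writes the unmodified label into `_meta.ecs_version`, so the experimental template.json added in this same patch carries `2.0.0-dev+exp` in `_meta` and `ecs_2.0.0-dev-exp_*` in `composed_of`. Any other place that derives a component template name from the version string (the README shell loop later in this series builds `ecs_${version}_${fieldset}` straight from `$(cat version)`) has to apply the same substitution, or the composable template will reference component templates that were never loaded. A comment on the new line giving the reason — presumably that the character is not accepted in the template name or its request URL, to be confirmed — and exposing the adjusted label through one shared helper would keep the two in step. `component_name_convention` is otherwise fully shown; its signature is in the hunk header.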
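Review bot: `"limit": 2000` replaces 10000 without a comment, so a reader cannot tell whether 2000 is a considered bound for the sample template (and whether the full set of component templates still fits under it) or an arbitrary reduction; a short trailing comment giving the rationale would answer that. The change also touches only the generator: the committed `template.json` files still say 10000 after this commit and are only regenerated to 2000 in the following patch of the series, so generator and generated artifacts disagree at this point in history. Regenerating in the same commit avoids that gap. `composable_template`'s body begins outside the hunk.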
From 44bac6c269077de4e825471f2eff5cd5673f103f Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 15:13:10 -0500 Subject: [PATCH 12/27] Fix nesting of the settings and mappings section in the composable template --- .../generated/elasticsearch/template.json | 40 ++++++++++--------- generated/elasticsearch/template.json | 40 ++++++++++--------- scripts/generators/es_template.py | 18 +++++---- 3 files changed, 52 insertions(+), 46 deletions(-) diff --git a/experimental/generated/elasticsearch/template.json b/experimental/generated/elasticsearch/template.json index 8eae35c44..ba5614931 100644 --- a/experimental/generated/elasticsearch/template.json +++ b/experimental/generated/elasticsearch/template.json @@ -51,26 +51,28 @@ "index_patterns": [ "try-ecs-*" ], - "mappings": { - "date_detection": false, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ] - }, "priority": 1, - "settings": { - "index": { - "mapping": { - "total_fields": { - "limit": 10000 + "template": { + "mappings": { + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ] + }, + "settings": { + "index": { + "mapping": { + "total_fields": { + "limit": 2000 + } } } } diff --git a/generated/elasticsearch/template.json b/generated/elasticsearch/template.json index 0c9f97759..4c51d85b5 100644 --- a/generated/elasticsearch/template.json +++ b/generated/elasticsearch/template.json 
@@ -51,26 +51,28 @@ "index_patterns": [ "try-ecs-*" ], - "mappings": { - "date_detection": false, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ] - }, "priority": 1, - "settings": { - "index": { - "mapping": { - "total_fields": { - "limit": 10000 + "template": { + "mappings": { + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ] + }, + "settings": { + "index": { + "mapping": { + "total_fields": { + "limit": 2000 + } } } } diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index 9d6e2defc..4022e666e 100644 --- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py @@ -26,16 +26,18 @@ def composable_template(ecs_version, component_names, out_dir, mapping_settings_ "ecs_version": ecs_version, "description": "Sample composable template that includes all ECS fields" }, - "settings": { - "index": { - "mapping": { - "total_fields": { - "limit": 2000 + "template": { + "settings": { + "index": { + "mapping": { + "total_fields": { + "limit": 2000 + } } } - } - }, - "mappings": mapping_settings(mapping_settings_file) + }, + "mappings": mapping_settings(mapping_settings_file) + } } filename = join(out_dir, "elasticsearch/template.json") save_json(filename, template) From 64aff3f23e9bad35e5bcc476f269d5ac63ba1de7 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 15:13:46 -0500 Subject: [PATCH 13/27] Bash instructions to load the component templates and optionally the composable template --- generated/elasticsearch/README.md | 87 +++++++++++++++++++++++++++++-- 1 file changed, 83 insertions(+), 4 deletions(-) diff --git a/generated/elasticsearch/README.md b/generated/elasticsearch/README.md index 40579d141..c74789f13 100644 
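Review bot: The fix nests `settings` and `mappings` under `"template"` by adding one more level to an already five-deep dict literal, so the correction reads as bracket counting rather than structure. Binding the settings first, `index_settings = {"index": {"mapping": {"total_fields": {"limit": 2000}}}}`, and then writing `"template": {"settings": index_settings, "mappings": mapping_settings(mapping_settings_file)}` would make the composable-template shape visible at a glance. The docstring `"""Generate the master sample composable template"""` could also record that in this format `settings` and `mappings` live under `template` and that the result is written to `elasticsearch/template.json` beneath `out_dir`. The enclosing `composable_template` starts outside the hunk.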
--- a/generated/elasticsearch/README.md +++ b/generated/elasticsearch/README.md @@ -8,7 +8,7 @@ please check out [USAGE.md](../../USAGE.md). ## Notes on index naming -This sample Elasticsearch template will apply to any index named `try-ecs-*`. +These sample Elasticsearch templates will apply to any index named `try-ecs-*`. This is good for experimentation. Note that an index following ECS can be named however you need. There's no requirement 
@@ -16,27 +16,106 @@ to have "ecs" in the index name. ## Instructions +Elasticsearch 7.8 introduced +[composable index templates](https://www.elastic.co/guide/en/elasticsearch/reference/current/index-templates.html) +as the new default way to craft index templates. + +The following instructions let you use either approach. + +### Composable index templates + +Beta | These artifacts are newly introduced in the ECS repository. Please try them out and give us feedback if you encounter any issues. + +If you want to play with a specific version of ECS, check out the proper branch first. + +``` +git checkout 1.7 +``` + +First load all component templates in Elasticsearch. The following script creates +one reusable component template per ECS field set (one for "event" fields, one for "base" fields, etc.) + +They will be named according to the following naming convention: `_component_template/ecs_{ecs version}_{field set name}`. + +Authenticate your API calls appropriately by adjusting the username:password in this variable. + +```bash +auth="elastic:elastic" +``` + +```bash +version="$(cat version)" +for file in `ls generated/elasticsearch/component/*.json` +do + fieldset=`echo $file | cut -d/ -f4 | cut -d. -f1` + component_name="ecs_${version}_${fieldset}" + api="_component_template/${component_name}" + + # echo "$file => $api" + curl --user "$auth" -XPUT "localhost:9200/$api" --header "Content-Type: application/json" -d @"$file" +done +``` + +A component template for each ECS field set is now loaded. You could stop here and +craft a composable template with the settings you need, that loads only the ECS +fields your index needs via `composed_of`. You can look at [template.json](template.json) for an example. 
+ +If you'd like to load this sample composable template for experimentation: + +```bash +api="_index_template/try-ecs" +file="generated/elasticsearch/template.json" +curl --user "$auth" -XPUT "localhost:9200/$api" --header "Content-Type: application/json" -d @"$file" +``` + +#### Play from Kibana Dev Tools + +``` +# Look at the ECS component templates 👀 +GET _component_template/ecs_* +# And if you created the sample index template +GET _index_template/try-ecs + +# index a document +PUT try-ecs-test +GET try-ecs-test +POST try-ecs-test/_doc +{ "@timestamp": "2020-10-26T22:38:39.000Z", "message": "Hello ECS World", "host": { "ip": "10.42.42.42"} } + +# enjoy +GET try-ecs-test/_search +{ "query": { "term": { "host.ip": "10.0.0.0/8" } } } +``` + +### Legacy index templates + If you want to play with a specific version of ECS, check out the proper branch first. ``` git checkout 1.6 ``` +Authenticate your API calls appropriately by adjusting the username:password in this variable. + +```bash +auth="elastic:elastic" +``` + Load the template in Elasticsearch from your shell. ```bash # Elasticsearch 7 -curl -XPOST 'localhost:9200/_template/try-ecs' \ +curl --user $"$auth" -XPOST 'localhost:9200/_template/try-ecs' \ --header "Content-Type: application/json" \ -d @'generated/elasticsearch/7/template.json' # or Elasticsearch 6 -curl -XPOST 'localhost:9200/_template/try-ecs' \ +curl --user $"$auth" -XPOST 'localhost:9200/_template/try-ecs' \ --header "Content-Type: application/json" \ -d @'generated/elasticsearch/6/template.json' ``` -Play from Kibana Dev Tools +#### Play from Kibana Dev Tools ``` # Look at the template you just uploaded 👀 From 6d34541d015169c5e5867d19273d8ee96c442bc4 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 15:32:54 -0500 Subject: [PATCH 14/27] How to compose templates --- generated/elasticsearch/README.md | 46 +++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) 
diff --git a/generated/elasticsearch/README.md b/generated/elasticsearch/README.md index c74789f13..527801fae 100644 --- a/generated/elasticsearch/README.md +++ b/generated/elasticsearch/README.md @@ -87,6 +87,52 @@ GET try-ecs-test/_search { "query": { "term": { "host.ip": "10.0.0.0/8" } } } ``` +#### How to compose templates + +Most event sources should include the ECS basics: + +- base +- ecs +- event +- log + +Most event sources should also include fields that capture "where it's happening", +but depending on whether you use containers or the cloud, you may want to omit some in this list: + +- host (actually don't omit this one) +- container +- cloud + +Depending on whether the index contains events captured by an agent or an observer, include one or both of: + +- agent +- observer + +Most of the other field sets will depend on which kind of documents will be in your index. + +If the documents refer to network-related events, you'll likely want to pick among: + +- client & server +- source & destination +- network +- dns, http, tls + +If users are involved in the events: + +- user +- group + +And so on. + +For a concrete example, an index containing your web server logs, should contain at least: + +- base, ecs, event, log +- host, cloud and/or container as needed +- agent +- source, destination, client, server, network, http, tls +- user +- url, user\_agent + ### Legacy index templates If you want to play with a specific version of ECS, check out the proper branch first. From 49a56c0ca568eba25f37609825b731d7961787e0 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 15:35:39 -0500 Subject: [PATCH 15/27] Adjust the newness warning --- generated/elasticsearch/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/generated/elasticsearch/README.md b/generated/elasticsearch/README.md index 527801fae..7bb21a43d 100644 --- a/generated/elasticsearch/README.md +++ b/generated/elasticsearch/README.md 
@@ -24,7 +24,8 @@ The following instructions let you use either approach. ### Composable index templates -Beta | These artifacts are newly introduced in the ECS repository. Please try them out and give us feedback if you encounter any issues. +**Warning**: The artifacts based on coposable templates are newly introduced in the ECS repository. +Please try them out and give us feedback if you encounter any issues. If you want to play with a specific version of ECS, check out the proper branch first. From 93720787bbb77041e3d3e989fae3463216dbe21e Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 15:41:40 -0500 Subject: [PATCH 16/27] Note: Available for ECS 1.7 or newer only --- generated/elasticsearch/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/generated/elasticsearch/README.md b/generated/elasticsearch/README.md index 7bb21a43d..d79b783cd 100644 --- a/generated/elasticsearch/README.md +++ b/generated/elasticsearch/README.md @@ -28,6 +28,7 @@ The following instructions let you use either approach. Please try them out and give us feedback if you encounter any issues. If you want to play with a specific version of ECS, check out the proper branch first. +Note that the composable index templates are available in the ECS 1.7 branch or newer. ``` git checkout 1.7 From ec3bf509139040d051f4cd04d4ce1eeedca60342 Mon Sep 17 00:00:00 2001 
From: Mathieu Martin Date: Thu, 26 Nov 2020 15:56:22 -0500 Subject: [PATCH 17/27] Don't generate component templates for field sets only meant to nest elsewhere --- Makefile | 2 +- .../generated/elasticsearch/component/as.json | 28 ----- .../component/code_signature.json | 29 ----- .../elasticsearch/component/geo.json | 42 ------- .../elasticsearch/component/hash.json | 28 ----- .../elasticsearch/component/interface.json | 24 ---- .../generated/elasticsearch/component/os.json | 50 -------- .../generated/elasticsearch/component/pe.json | 39 ------ .../elasticsearch/component/vlan.json | 20 --- .../elasticsearch/component/x509.json | 112 ----------------- .../generated/elasticsearch/template.json | 11 +- generated/elasticsearch/component/as.json | 29 ----- .../component/code_signature.json | 29 ----- generated/elasticsearch/component/geo.json | 43 ------- generated/elasticsearch/component/hash.json | 28 ----- .../elasticsearch/component/interface.json | 24 ---- generated/elasticsearch/component/os.json | 52 -------- generated/elasticsearch/component/pe.json | 40 ------ generated/elasticsearch/component/vlan.json | 20 --- generated/elasticsearch/component/x509.json | 114 ------------------ generated/elasticsearch/template.json | 11 +- scripts/generators/es_template.py | 23 +++- 22 files changed, 20 insertions(+), 778 deletions(-) delete mode 100644 experimental/generated/elasticsearch/component/as.json delete mode 100644 experimental/generated/elasticsearch/component/code_signature.json delete mode 100644 experimental/generated/elasticsearch/component/geo.json delete mode 100644 experimental/generated/elasticsearch/component/hash.json delete mode 100644 experimental/generated/elasticsearch/component/interface.json delete mode 100644 experimental/generated/elasticsearch/component/os.json delete mode 100644 experimental/generated/elasticsearch/component/pe.json delete mode 100644 experimental/generated/elasticsearch/component/vlan.json delete mode 100644 
experimental/generated/elasticsearch/component/x509.json delete mode 100644 generated/elasticsearch/component/as.json delete mode 100644 generated/elasticsearch/component/code_signature.json delete mode 100644 generated/elasticsearch/component/geo.json delete mode 100644 generated/elasticsearch/component/hash.json delete mode 100644 generated/elasticsearch/component/interface.json delete mode 100644 generated/elasticsearch/component/os.json delete mode 100644 generated/elasticsearch/component/pe.json delete mode 100644 generated/elasticsearch/component/vlan.json delete mode 100644 generated/elasticsearch/component/x509.json diff --git a/Makefile b/Makefile index 67ee219d8..327f64b49 100644 --- a/Makefile +++ b/Makefile @@ -34,7 +34,7 @@ check-license-headers: # Clean deletes all temporary and generated content. .PHONY: clean clean: - rm -rf build + rm -rf build generated/elasticsearch/component experimental/generated/elasticsearch/component # Clean all markdown files for use-cases find ./use-cases -type f -name '*.md' -not -name 'README.md' -print0 | xargs -0 rm -- diff --git a/experimental/generated/elasticsearch/component/as.json b/experimental/generated/elasticsearch/component/as.json deleted file mode 100644 index 85b465e03..000000000 --- a/experimental/generated/elasticsearch/component/as.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "type": "wildcard" - } - } - } - } - } - } - } - } -} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/code_signature.json b/experimental/generated/elasticsearch/component/code_signature.json deleted file mode 100644 index 66c183f3f..000000000 --- a/experimental/generated/elasticsearch/component/code_signature.json +++ /dev/null 
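Review bot: The widened `rm -rf build generated/elasticsearch/component experimental/generated/elasticsearch/component` in the `clean` target has no comment explaining why two directories of committed, generated output are now removed. From the rest of this commit the reason appears to be that the generator writes one file per emitted field set and never deletes files for field sets it stops emitting (this patch removes nine such files by hand), but that is inferred rather than stated. A one-line comment above the rule, `# component/ holds one file per generated field set; wipe it so files for field sets no longer emitted do not linger`, would record the intent for the next person who wonders why `clean` touches tracked files.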
@@ -1,29 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "code_signature": { - "properties": { - "exists": { - "type": "boolean" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/geo.json b/experimental/generated/elasticsearch/component/geo.json deleted file mode 100644 index 81dc5defc..000000000 --- a/experimental/generated/elasticsearch/component/geo.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "type": "wildcard" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/hash.json b/experimental/generated/elasticsearch/component/hash.json deleted file mode 100644 index d7776dcf1..000000000 --- a/experimental/generated/elasticsearch/component/hash.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file 
diff --git a/experimental/generated/elasticsearch/component/interface.json b/experimental/generated/elasticsearch/component/interface.json deleted file mode 100644 index 67b95e8dc..000000000 --- a/experimental/generated/elasticsearch/component/interface.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "interface": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/os.json b/experimental/generated/elasticsearch/component/os.json deleted file mode 100644 index db3eca753..000000000 --- a/experimental/generated/elasticsearch/component/os.json +++ /dev/null @@ -1,50 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "type": "wildcard" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "type": "wildcard" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/pe.json b/experimental/generated/elasticsearch/component/pe.json deleted file mode 100644 index b5ca655c9..000000000 --- a/experimental/generated/elasticsearch/component/pe.json +++ /dev/null 
@@ -1,39 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "type": "wildcard" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/vlan.json b/experimental/generated/elasticsearch/component/vlan.json deleted file mode 100644 index 3cddf5221..000000000 --- a/experimental/generated/elasticsearch/component/vlan.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/component/x509.json b/experimental/generated/elasticsearch/component/x509.json deleted file mode 100644 index d6ea1c8df..000000000 --- a/experimental/generated/elasticsearch/component/x509.json +++ /dev/null 
@@ -1,112 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "x509": { - "properties": { - "alternative_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "type": "wildcard" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "public_key_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_exponent": { - "doc_values": false, - "index": false, - "type": "long" - }, - "public_key_size": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "type": "wildcard" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version_number": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/experimental/generated/elasticsearch/template.json b/experimental/generated/elasticsearch/template.json index ba5614931..41ebc2ac3 100644 
--- a/experimental/generated/elasticsearch/template.json +++ b/experimental/generated/elasticsearch/template.json @@ -5,11 +5,9 @@ }, "composed_of": [ "ecs_2.0.0-dev-exp_agent", - "ecs_2.0.0-dev-exp_as", "ecs_2.0.0-dev-exp_base", "ecs_2.0.0-dev-exp_client", "ecs_2.0.0-dev-exp_cloud", - "ecs_2.0.0-dev-exp_code_signature", "ecs_2.0.0-dev-exp_container", "ecs_2.0.0-dev-exp_destination", "ecs_2.0.0-dev-exp_dll", @@ -18,19 +16,14 @@ "ecs_2.0.0-dev-exp_error", "ecs_2.0.0-dev-exp_event", "ecs_2.0.0-dev-exp_file", - "ecs_2.0.0-dev-exp_geo", "ecs_2.0.0-dev-exp_group", - "ecs_2.0.0-dev-exp_hash", "ecs_2.0.0-dev-exp_host", "ecs_2.0.0-dev-exp_http", - "ecs_2.0.0-dev-exp_interface", "ecs_2.0.0-dev-exp_log", "ecs_2.0.0-dev-exp_network", "ecs_2.0.0-dev-exp_observer", "ecs_2.0.0-dev-exp_organization", - "ecs_2.0.0-dev-exp_os", "ecs_2.0.0-dev-exp_package", - "ecs_2.0.0-dev-exp_pe", "ecs_2.0.0-dev-exp_process", "ecs_2.0.0-dev-exp_registry", "ecs_2.0.0-dev-exp_related", @@ -44,9 +37,7 @@ "ecs_2.0.0-dev-exp_url", "ecs_2.0.0-dev-exp_user", "ecs_2.0.0-dev-exp_user_agent", - "ecs_2.0.0-dev-exp_vlan", - "ecs_2.0.0-dev-exp_vulnerability", - "ecs_2.0.0-dev-exp_x509" + "ecs_2.0.0-dev-exp_vulnerability" ], "index_patterns": [ "try-ecs-*" diff --git a/generated/elasticsearch/component/as.json b/generated/elasticsearch/component/as.json deleted file mode 100644 index 1f8f48b72..000000000 --- a/generated/elasticsearch/component/as.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - } - } -} \ No newline at end of file diff --git a/generated/elasticsearch/component/code_signature.json b/generated/elasticsearch/component/code_signature.json deleted file mode 100644 index 66c183f3f..000000000 
--- a/generated/elasticsearch/component/code_signature.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "code_signature": { - "properties": { - "exists": { - "type": "boolean" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/generated/elasticsearch/component/geo.json b/generated/elasticsearch/component/geo.json deleted file mode 100644 index 55cdb3be3..000000000 --- a/generated/elasticsearch/component/geo.json +++ /dev/null @@ -1,43 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/generated/elasticsearch/component/hash.json b/generated/elasticsearch/component/hash.json deleted file mode 100644 index d7776dcf1..000000000 --- a/generated/elasticsearch/component/hash.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file 
diff --git a/generated/elasticsearch/component/interface.json b/generated/elasticsearch/component/interface.json deleted file mode 100644 index 67b95e8dc..000000000 --- a/generated/elasticsearch/component/interface.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "interface": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/generated/elasticsearch/component/os.json b/generated/elasticsearch/component/os.json deleted file mode 100644 index 4d23c2613..000000000 --- a/generated/elasticsearch/component/os.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/generated/elasticsearch/component/pe.json b/generated/elasticsearch/component/pe.json deleted file mode 100644 index bbdae948d..000000000 --- a/generated/elasticsearch/component/pe.json +++ /dev/null 
@@ -1,40 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/generated/elasticsearch/component/vlan.json b/generated/elasticsearch/component/vlan.json deleted file mode 100644 index 3cddf5221..000000000 --- a/generated/elasticsearch/component/vlan.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/generated/elasticsearch/component/x509.json b/generated/elasticsearch/component/x509.json deleted file mode 100644 index 874b47ffe..000000000 --- a/generated/elasticsearch/component/x509.json +++ /dev/null 
@@ -1,114 +0,0 @@ -{ - "template": { - "mappings": { - "properties": { - "x509": { - "properties": { - "alternative_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "public_key_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_exponent": { - "doc_values": false, - "index": false, - "type": "long" - }, - "public_key_size": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version_number": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/generated/elasticsearch/template.json b/generated/elasticsearch/template.json index 4c51d85b5..f8e8a919f 100644 
--- a/generated/elasticsearch/template.json +++ b/generated/elasticsearch/template.json @@ -5,11 +5,9 @@ }, "composed_of": [ "ecs_2.0.0-dev_agent", - "ecs_2.0.0-dev_as", "ecs_2.0.0-dev_base", "ecs_2.0.0-dev_client", "ecs_2.0.0-dev_cloud", - "ecs_2.0.0-dev_code_signature", "ecs_2.0.0-dev_container", "ecs_2.0.0-dev_destination", "ecs_2.0.0-dev_dll", @@ -18,19 +16,14 @@ "ecs_2.0.0-dev_error", "ecs_2.0.0-dev_event", "ecs_2.0.0-dev_file", - "ecs_2.0.0-dev_geo", "ecs_2.0.0-dev_group", - "ecs_2.0.0-dev_hash", "ecs_2.0.0-dev_host", "ecs_2.0.0-dev_http", - "ecs_2.0.0-dev_interface", "ecs_2.0.0-dev_log", "ecs_2.0.0-dev_network", "ecs_2.0.0-dev_observer", "ecs_2.0.0-dev_organization", - "ecs_2.0.0-dev_os", "ecs_2.0.0-dev_package", - "ecs_2.0.0-dev_pe", "ecs_2.0.0-dev_process", "ecs_2.0.0-dev_registry", "ecs_2.0.0-dev_related", @@ -44,9 +37,7 @@ "ecs_2.0.0-dev_url", "ecs_2.0.0-dev_user", "ecs_2.0.0-dev_user_agent", - "ecs_2.0.0-dev_vlan", - "ecs_2.0.0-dev_vulnerability", - "ecs_2.0.0-dev_x509" + "ecs_2.0.0-dev_vulnerability" ], "index_patterns": [ "try-ecs-*" diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index 4022e666e..e3e218acc 100644 --- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py 
@@ -13,10 +13,10 @@ def generate(ecs_nested, ecs_version, out_dir, mapping_settings_file): """This generates all artifacts for the composable template approach""" all_component_templates(ecs_nested, ecs_version, out_dir) component_names = component_name_convention(ecs_version, ecs_nested) - composable_template(ecs_version, component_names, out_dir, mapping_settings_file) + save_composable_template(ecs_version, component_names, out_dir, mapping_settings_file) -def composable_template(ecs_version, component_names, out_dir, mapping_settings_file): +def save_composable_template(ecs_version, component_names, out_dir, mapping_settings_file): """Generate the master sample composable template""" template = { "index_patterns": ["try-ecs-*"], @@ -48,16 +48,16 @@ def all_component_templates(ecs_nested, ecs_version, out_dir): component_dir = join(out_dir, 'elasticsearch/component') ecs_helpers.make_dirs(component_dir) - for (fieldset_name, fieldset) in ecs_nested.items(): + for (fieldset_name, fieldset) in candidate_components(ecs_nested).items(): field_mappings = {} for (flat_name, field) in fieldset['fields'].items(): name_parts = flat_name.split('.') dict_add_nested(field_mappings, name_parts, entry_for(field)) - component_template(fieldset_name, ecs_version, component_dir, field_mappings) + save_component_template(fieldset_name, ecs_version, component_dir, field_mappings) -def component_template(template_name, ecs_version, out_dir, field_mappings): +def save_component_template(template_name, ecs_version, out_dir, field_mappings): filename = join(out_dir, template_name) + ".json" template = {'template': {'mappings': {'properties': field_mappings}}} 
@@ -67,11 +67,22 @@ def component_template(template_name, ecs_version, out_dir, field_mappings): def component_name_convention(ecs_version, ecs_nested): version = ecs_version.replace('+', '-') names = [] - for (fieldset_name, fieldset) in ecs_nested.items(): + for (fieldset_name, fieldset) in candidate_components(ecs_nested).items(): names.append("ecs_{}_{}".format(version, fieldset_name)) return names +def candidate_components(ecs_nested): + """Returns same structure as ecs_nested, but skips all field sets with reusable.top_level: False""" + components = {} + for (fieldset_name, fieldset) in ecs_nested.items(): + if fieldset.get('reusable', None): + if not fieldset['reusable']['top_level']: + continue + components[fieldset_name] = fieldset + return components + + # Legacy template From 0e1d75de15b14fc9f44927b1a3ef49627c5539d5 Mon Sep 17 00:00:00 2001 
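Review bot: `candidate_components` reads `fieldset['reusable']['top_level']` directly, so a field set whose `reusable` block omits `top_level` raises KeyError instead of being treated as top-level; unless an earlier stage guarantees that key is always present, `fieldset['reusable'].get('top_level', True)` is the safer read and matches the docstring's "skip only when False" wording. The two nested `if`s can collapse into one guard, `if fieldset.get('reusable') and not fieldset['reusable']['top_level']: continue`, and the `None` default in `get('reusable', None)` is redundant. The docstring could also state the return shape, e.g. `"""Return a dict shaped like ecs_nested, minus field sets whose reusable.top_level is False."""`.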
From: Mathieu Martin Date: Thu, 26 Nov 2020 16:17:01 -0500 Subject: [PATCH 18/27] Add reference URL to the component templates. This one's for @a03nikki --- .../generated/elasticsearch/component/agent.json | 4 ++++ experimental/generated/elasticsearch/component/base.json | 4 ++++ .../generated/elasticsearch/component/client.json | 4 ++++ .../generated/elasticsearch/component/cloud.json | 4 ++++ .../generated/elasticsearch/component/container.json | 4 ++++ .../generated/elasticsearch/component/destination.json | 4 ++++ experimental/generated/elasticsearch/component/dll.json | 4 ++++ experimental/generated/elasticsearch/component/dns.json | 4 ++++ experimental/generated/elasticsearch/component/ecs.json | 4 ++++ .../generated/elasticsearch/component/error.json | 4 ++++ .../generated/elasticsearch/component/event.json | 4 ++++ experimental/generated/elasticsearch/component/file.json | 4 ++++ .../generated/elasticsearch/component/group.json | 4 ++++ experimental/generated/elasticsearch/component/host.json | 4 ++++ experimental/generated/elasticsearch/component/http.json | 4 ++++ experimental/generated/elasticsearch/component/log.json | 4 ++++ .../generated/elasticsearch/component/network.json | 4 ++++ .../generated/elasticsearch/component/observer.json | 4 ++++ .../generated/elasticsearch/component/organization.json | 4 ++++ .../generated/elasticsearch/component/package.json | 4 ++++ .../generated/elasticsearch/component/process.json | 4 ++++ .../generated/elasticsearch/component/registry.json | 4 ++++ .../generated/elasticsearch/component/related.json | 4 ++++ experimental/generated/elasticsearch/component/rule.json | 4 ++++ .../generated/elasticsearch/component/server.json | 4 ++++ .../generated/elasticsearch/component/service.json | 4 ++++ .../generated/elasticsearch/component/source.json | 4 ++++ .../generated/elasticsearch/component/threat.json | 4 ++++ experimental/generated/elasticsearch/component/tls.json | 4 ++++ 
.../generated/elasticsearch/component/tracing.json | 4 ++++ experimental/generated/elasticsearch/component/url.json | 4 ++++ experimental/generated/elasticsearch/component/user.json | 4 ++++ .../generated/elasticsearch/component/user_agent.json | 4 ++++ .../generated/elasticsearch/component/vulnerability.json | 4 ++++ generated/elasticsearch/component/agent.json | 4 ++++ generated/elasticsearch/component/base.json | 4 ++++ generated/elasticsearch/component/client.json | 4 ++++ generated/elasticsearch/component/cloud.json | 4 ++++ generated/elasticsearch/component/container.json | 4 ++++ generated/elasticsearch/component/destination.json | 4 ++++ generated/elasticsearch/component/dll.json | 4 ++++ generated/elasticsearch/component/dns.json | 4 ++++ generated/elasticsearch/component/ecs.json | 4 ++++ generated/elasticsearch/component/error.json | 4 ++++ generated/elasticsearch/component/event.json | 4 ++++ generated/elasticsearch/component/file.json | 4 ++++ generated/elasticsearch/component/group.json | 4 ++++ generated/elasticsearch/component/host.json | 4 ++++ generated/elasticsearch/component/http.json | 4 ++++ generated/elasticsearch/component/log.json | 4 ++++ generated/elasticsearch/component/network.json | 4 ++++ generated/elasticsearch/component/observer.json | 4 ++++ generated/elasticsearch/component/organization.json | 4 ++++ generated/elasticsearch/component/package.json | 4 ++++ generated/elasticsearch/component/process.json | 4 ++++ generated/elasticsearch/component/registry.json | 4 ++++ generated/elasticsearch/component/related.json | 4 ++++ generated/elasticsearch/component/rule.json | 4 ++++ generated/elasticsearch/component/server.json | 4 ++++ generated/elasticsearch/component/service.json | 4 ++++ generated/elasticsearch/component/source.json | 4 ++++ generated/elasticsearch/component/threat.json | 4 ++++ generated/elasticsearch/component/tls.json | 4 ++++ generated/elasticsearch/component/tracing.json | 4 ++++ 
generated/elasticsearch/component/url.json | 4 ++++ generated/elasticsearch/component/user.json | 4 ++++ generated/elasticsearch/component/user_agent.json | 4 ++++ generated/elasticsearch/component/vulnerability.json | 4 ++++ scripts/generators/es_template.py | 9 ++++++++- 69 files changed, 280 insertions(+), 1 deletion(-) diff --git a/experimental/generated/elasticsearch/component/agent.json b/experimental/generated/elasticsearch/component/agent.json index 66fe0572a..6a3e69283 100644 --- a/experimental/generated/elasticsearch/component/agent.json +++ b/experimental/generated/elasticsearch/component/agent.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-agent.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/base.json b/experimental/generated/elasticsearch/component/base.json index d1818f4fa..13714edaf 100644 --- a/experimental/generated/elasticsearch/component/base.json +++ b/experimental/generated/elasticsearch/component/base.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/client.json b/experimental/generated/elasticsearch/component/client.json index 5e628839f..e3d5e454a 100644 --- a/experimental/generated/elasticsearch/component/client.json +++ b/experimental/generated/elasticsearch/component/client.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-client.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/cloud.json b/experimental/generated/elasticsearch/component/cloud.json index feb7e24db..85554bc39 100644 
--- a/experimental/generated/elasticsearch/component/cloud.json +++ b/experimental/generated/elasticsearch/component/cloud.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-cloud.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/container.json b/experimental/generated/elasticsearch/component/container.json index c9db58055..a2acf36a8 100644 --- a/experimental/generated/elasticsearch/component/container.json +++ b/experimental/generated/elasticsearch/component/container.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-container.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/destination.json b/experimental/generated/elasticsearch/component/destination.json index d6b0c73c1..ce1277f97 100644 --- a/experimental/generated/elasticsearch/component/destination.json +++ b/experimental/generated/elasticsearch/component/destination.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-destination.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/dll.json b/experimental/generated/elasticsearch/component/dll.json index c42dd2ae0..22dfccff9 100644 --- a/experimental/generated/elasticsearch/component/dll.json +++ b/experimental/generated/elasticsearch/component/dll.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-dll.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/dns.json b/experimental/generated/elasticsearch/component/dns.json index c40e9ff2a..60e9350d2 100644 
--- a/experimental/generated/elasticsearch/component/dns.json +++ b/experimental/generated/elasticsearch/component/dns.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-dns.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/ecs.json b/experimental/generated/elasticsearch/component/ecs.json index df4b5d56e..0fe13f6d9 100644 --- a/experimental/generated/elasticsearch/component/ecs.json +++ b/experimental/generated/elasticsearch/component/ecs.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-ecs.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/error.json b/experimental/generated/elasticsearch/component/error.json index 672692077..b75a45a70 100644 --- a/experimental/generated/elasticsearch/component/error.json +++ b/experimental/generated/elasticsearch/component/error.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-error.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/event.json b/experimental/generated/elasticsearch/component/event.json index a8a6eb1f5..e7ed82555 100644 --- a/experimental/generated/elasticsearch/component/event.json +++ b/experimental/generated/elasticsearch/component/event.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-event.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/file.json b/experimental/generated/elasticsearch/component/file.json index 67890178e..a51b7b2a8 100644 --- a/experimental/generated/elasticsearch/component/file.json 
+++ b/experimental/generated/elasticsearch/component/file.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-file.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/group.json b/experimental/generated/elasticsearch/component/group.json index 7500ad89c..4d5b21545 100644 --- a/experimental/generated/elasticsearch/component/group.json +++ b/experimental/generated/elasticsearch/component/group.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-group.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/host.json b/experimental/generated/elasticsearch/component/host.json index c77aaf43e..bcead9fd7 100644 --- a/experimental/generated/elasticsearch/component/host.json +++ b/experimental/generated/elasticsearch/component/host.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-host.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/http.json b/experimental/generated/elasticsearch/component/http.json index 78885efce..15b72d0d8 100644 --- a/experimental/generated/elasticsearch/component/http.json +++ b/experimental/generated/elasticsearch/component/http.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-http.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/log.json b/experimental/generated/elasticsearch/component/log.json index 05477692c..7b191fdd8 100644 --- a/experimental/generated/elasticsearch/component/log.json +++ b/experimental/generated/elasticsearch/component/log.json 
@@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-log.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/network.json b/experimental/generated/elasticsearch/component/network.json index 74a7b796e..d93ecbdbc 100644 --- a/experimental/generated/elasticsearch/component/network.json +++ b/experimental/generated/elasticsearch/component/network.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-network.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/observer.json b/experimental/generated/elasticsearch/component/observer.json index 3e58dabf8..8019c93dd 100644 --- a/experimental/generated/elasticsearch/component/observer.json +++ b/experimental/generated/elasticsearch/component/observer.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-observer.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/organization.json b/experimental/generated/elasticsearch/component/organization.json index 32cf3ab4f..f8159fb08 100644 --- a/experimental/generated/elasticsearch/component/organization.json +++ b/experimental/generated/elasticsearch/component/organization.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-organization.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/package.json b/experimental/generated/elasticsearch/component/package.json index bc7324b6b..4346eed62 100644 --- a/experimental/generated/elasticsearch/component/package.json 
+++ b/experimental/generated/elasticsearch/component/package.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-package.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/process.json b/experimental/generated/elasticsearch/component/process.json index d87851392..747affbff 100644 --- a/experimental/generated/elasticsearch/component/process.json +++ b/experimental/generated/elasticsearch/component/process.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-process.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/registry.json b/experimental/generated/elasticsearch/component/registry.json index 315490a95..bc2fbef93 100644 --- a/experimental/generated/elasticsearch/component/registry.json +++ b/experimental/generated/elasticsearch/component/registry.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-registry.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/related.json b/experimental/generated/elasticsearch/component/related.json index 0d5227f3c..53efeb86a 100644 --- a/experimental/generated/elasticsearch/component/related.json +++ b/experimental/generated/elasticsearch/component/related.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-related.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/rule.json b/experimental/generated/elasticsearch/component/rule.json index 43de55f11..7994dd391 100644 --- a/experimental/generated/elasticsearch/component/rule.json 
+++ b/experimental/generated/elasticsearch/component/rule.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-rule.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/server.json b/experimental/generated/elasticsearch/component/server.json index fcdbaaa7a..ad7f2be73 100644 --- a/experimental/generated/elasticsearch/component/server.json +++ b/experimental/generated/elasticsearch/component/server.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-server.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/service.json b/experimental/generated/elasticsearch/component/service.json index c36de8112..210633e03 100644 --- a/experimental/generated/elasticsearch/component/service.json +++ b/experimental/generated/elasticsearch/component/service.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-service.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/source.json b/experimental/generated/elasticsearch/component/source.json index 9fb01d365..f0215a838 100644 --- a/experimental/generated/elasticsearch/component/source.json +++ b/experimental/generated/elasticsearch/component/source.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-source.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/threat.json b/experimental/generated/elasticsearch/component/threat.json index 6d7662b03..9d7cd6d7f 100644 --- a/experimental/generated/elasticsearch/component/threat.json 
+++ b/experimental/generated/elasticsearch/component/threat.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-threat.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/tls.json b/experimental/generated/elasticsearch/component/tls.json index b4d7d730d..af20141c8 100644 --- a/experimental/generated/elasticsearch/component/tls.json +++ b/experimental/generated/elasticsearch/component/tls.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-tls.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/tracing.json b/experimental/generated/elasticsearch/component/tracing.json index 9d9555d9f..66f39688d 100644 --- a/experimental/generated/elasticsearch/component/tracing.json +++ b/experimental/generated/elasticsearch/component/tracing.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-tracing.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/url.json b/experimental/generated/elasticsearch/component/url.json index 567c86f3e..a2005b45d 100644 --- a/experimental/generated/elasticsearch/component/url.json +++ b/experimental/generated/elasticsearch/component/url.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-url.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/user.json b/experimental/generated/elasticsearch/component/user.json index ff5bbdac7..55eeb53d1 100644 --- a/experimental/generated/elasticsearch/component/user.json +++ b/experimental/generated/elasticsearch/component/user.json 
@@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-user.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/user_agent.json b/experimental/generated/elasticsearch/component/user_agent.json index 85613440b..a3c27f923 100644 --- a/experimental/generated/elasticsearch/component/user_agent.json +++ b/experimental/generated/elasticsearch/component/user_agent.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-user_agent.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/experimental/generated/elasticsearch/component/vulnerability.json b/experimental/generated/elasticsearch/component/vulnerability.json index a4e37d4b7..ce4746933 100644 --- a/experimental/generated/elasticsearch/component/vulnerability.json +++ b/experimental/generated/elasticsearch/component/vulnerability.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-vulnerability.html", + "ecs_version": "2.0.0-dev+exp" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/agent.json b/generated/elasticsearch/component/agent.json index 78158bbe9..5c52341b3 100644 --- a/generated/elasticsearch/component/agent.json +++ b/generated/elasticsearch/component/agent.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-agent.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/base.json b/generated/elasticsearch/component/base.json index d1818f4fa..5c7819710 100644 --- a/generated/elasticsearch/component/base.json +++ b/generated/elasticsearch/component/base.json 
@@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/client.json b/generated/elasticsearch/component/client.json index 75edcb94a..4986a862f 100644 --- a/generated/elasticsearch/component/client.json +++ b/generated/elasticsearch/component/client.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-client.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/cloud.json b/generated/elasticsearch/component/cloud.json index feb7e24db..aa8590425 100644 --- a/generated/elasticsearch/component/cloud.json +++ b/generated/elasticsearch/component/cloud.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-cloud.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/container.json b/generated/elasticsearch/component/container.json index c9db58055..c9e2adfbe 100644 --- a/generated/elasticsearch/component/container.json +++ b/generated/elasticsearch/component/container.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-container.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/destination.json b/generated/elasticsearch/component/destination.json index 31237474f..48beef4e7 100644 --- a/generated/elasticsearch/component/destination.json +++ b/generated/elasticsearch/component/destination.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-destination.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { 
diff --git a/generated/elasticsearch/component/dll.json b/generated/elasticsearch/component/dll.json index 9bbc77114..b13e8cbcb 100644 --- a/generated/elasticsearch/component/dll.json +++ b/generated/elasticsearch/component/dll.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-dll.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/dns.json b/generated/elasticsearch/component/dns.json index 1814577b1..0544bfe1e 100644 --- a/generated/elasticsearch/component/dns.json +++ b/generated/elasticsearch/component/dns.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-dns.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/ecs.json b/generated/elasticsearch/component/ecs.json index df4b5d56e..220db8c24 100644 --- a/generated/elasticsearch/component/ecs.json +++ b/generated/elasticsearch/component/ecs.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-ecs.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/error.json b/generated/elasticsearch/component/error.json index 0f2b5e12f..edf50187e 100644 --- a/generated/elasticsearch/component/error.json +++ b/generated/elasticsearch/component/error.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-error.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/event.json b/generated/elasticsearch/component/event.json index a8a6eb1f5..180c1117d 100644 --- a/generated/elasticsearch/component/event.json +++ b/generated/elasticsearch/component/event.json 
@@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-event.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/file.json b/generated/elasticsearch/component/file.json index ca5a80a6c..9959b20f6 100644 --- a/generated/elasticsearch/component/file.json +++ b/generated/elasticsearch/component/file.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-file.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/group.json b/generated/elasticsearch/component/group.json index 7500ad89c..d707637a7 100644 --- a/generated/elasticsearch/component/group.json +++ b/generated/elasticsearch/component/group.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-group.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/host.json b/generated/elasticsearch/component/host.json index de7d5d653..c9be5fc22 100644 --- a/generated/elasticsearch/component/host.json +++ b/generated/elasticsearch/component/host.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-host.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/http.json b/generated/elasticsearch/component/http.json index 5a52dd9e9..0e9794b9e 100644 --- a/generated/elasticsearch/component/http.json +++ b/generated/elasticsearch/component/http.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-http.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { 
diff --git a/generated/elasticsearch/component/log.json b/generated/elasticsearch/component/log.json index fe0261dc1..adfb23877 100644 --- a/generated/elasticsearch/component/log.json +++ b/generated/elasticsearch/component/log.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-log.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/network.json b/generated/elasticsearch/component/network.json index 74a7b796e..43aadbde0 100644 --- a/generated/elasticsearch/component/network.json +++ b/generated/elasticsearch/component/network.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-network.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/observer.json b/generated/elasticsearch/component/observer.json index 8c5b98955..23f5042f7 100644 --- a/generated/elasticsearch/component/observer.json +++ b/generated/elasticsearch/component/observer.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-observer.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/organization.json b/generated/elasticsearch/component/organization.json index befa6f313..51e911c11 100644 --- a/generated/elasticsearch/component/organization.json +++ b/generated/elasticsearch/component/organization.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-organization.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/package.json b/generated/elasticsearch/component/package.json index bc7324b6b..a3b150557 100644 --- a/generated/elasticsearch/component/package.json 
+++ b/generated/elasticsearch/component/package.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-package.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/process.json b/generated/elasticsearch/component/process.json index 91b462048..389fa91f6 100644 --- a/generated/elasticsearch/component/process.json +++ b/generated/elasticsearch/component/process.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-process.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/registry.json b/generated/elasticsearch/component/registry.json index fd43b911a..599d017e8 100644 --- a/generated/elasticsearch/component/registry.json +++ b/generated/elasticsearch/component/registry.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-registry.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/related.json b/generated/elasticsearch/component/related.json index 0d5227f3c..1a2aac11a 100644 --- a/generated/elasticsearch/component/related.json +++ b/generated/elasticsearch/component/related.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-related.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/rule.json b/generated/elasticsearch/component/rule.json index 43de55f11..d4b26ced4 100644 --- a/generated/elasticsearch/component/rule.json +++ b/generated/elasticsearch/component/rule.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-rule.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { 
diff --git a/generated/elasticsearch/component/server.json b/generated/elasticsearch/component/server.json index 9e4c219fd..54a110e69 100644 --- a/generated/elasticsearch/component/server.json +++ b/generated/elasticsearch/component/server.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-server.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/service.json b/generated/elasticsearch/component/service.json index c36de8112..1d107d634 100644 --- a/generated/elasticsearch/component/service.json +++ b/generated/elasticsearch/component/service.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-service.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/source.json b/generated/elasticsearch/component/source.json index 9193ba6fd..79969ec8f 100644 --- a/generated/elasticsearch/component/source.json +++ b/generated/elasticsearch/component/source.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-source.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/threat.json b/generated/elasticsearch/component/threat.json index 6d7662b03..4f3a4a36c 100644 --- a/generated/elasticsearch/component/threat.json +++ b/generated/elasticsearch/component/threat.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-threat.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/tls.json b/generated/elasticsearch/component/tls.json index 255ea45e1..0ae903236 100644 --- a/generated/elasticsearch/component/tls.json +++ b/generated/elasticsearch/component/tls.json 
@@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-tls.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/tracing.json b/generated/elasticsearch/component/tracing.json index 9d9555d9f..d994e194c 100644 --- a/generated/elasticsearch/component/tracing.json +++ b/generated/elasticsearch/component/tracing.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-tracing.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/url.json b/generated/elasticsearch/component/url.json index e4dfeaf5b..4aa0820ef 100644 --- a/generated/elasticsearch/component/url.json +++ b/generated/elasticsearch/component/url.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-url.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/user.json b/generated/elasticsearch/component/user.json index 60d82d698..ebcc64976 100644 --- a/generated/elasticsearch/component/user.json +++ b/generated/elasticsearch/component/user.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-user.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/generated/elasticsearch/component/user_agent.json b/generated/elasticsearch/component/user_agent.json index 2a9f1e830..84e2b6ef9 100644 --- a/generated/elasticsearch/component/user_agent.json +++ b/generated/elasticsearch/component/user_agent.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-user_agent.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { 
diff --git a/generated/elasticsearch/component/vulnerability.json b/generated/elasticsearch/component/vulnerability.json index a4e37d4b7..3820fb35e 100644 --- a/generated/elasticsearch/component/vulnerability.json +++ b/generated/elasticsearch/component/vulnerability.json @@ -1,4 +1,8 @@ { + "_meta": { + "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-vulnerability.html", + "ecs_version": "2.0.0-dev" + }, "template": { "mappings": { "properties": { diff --git a/scripts/generators/es_template.py b/scripts/generators/es_template.py index e3e218acc..58a4141f6 100644 --- a/scripts/generators/es_template.py +++ b/scripts/generators/es_template.py @@ -59,8 +59,15 @@ def all_component_templates(ecs_nested, ecs_version, out_dir): def save_component_template(template_name, ecs_version, out_dir, field_mappings): filename = join(out_dir, template_name) + ".json" + reference_url = "https://www.elastic.co/guide/en/ecs/current/ecs-{}.html".format(template_name) - template = {'template': {'mappings': {'properties': field_mappings}}} + template = { + 'template': {'mappings': {'properties': field_mappings}}, + '_meta': { + 'ecs_version': ecs_version, + 'documentation': reference_url + } + } save_json(filename, template) From 5d37d9969872d3561d8461af43ba428efeb8acf1 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 26 Nov 2020 16:22:51 -0500 Subject: [PATCH 19/27] Changelog --- CHANGELOG.next.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index a6b982ad0..30af368e3 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md 
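Review bot: The `_meta.documentation` link built in `save_component_template` is pinned to the `current` docs path while `_meta.ecs_version` carries the build's own version (the regenerated component files in this patch show `2.0.0-dev`), so a consumer following the link from a pre-release or older template lands on docs for a different field set than the mapping they loaded. If the docs site publishes per-version paths, consider deriving the path segment from `ecs_version` and falling back to `current` only for `-dev` builds, so the two `_meta` values stay consistent. The function also has no docstring; a one-liner such as `"""Write the component template for one ECS field set, tagged with the ECS version and a link to its reference docs."""` would cover it. The hunk's line counts imply context lines beyond `save_json(filename, template)`, so the function may continue outside what is visible here.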
@@ -39,6 +39,7 @@ Thanks, you're awesome :-) --> * Added support in the generated Go source go for `wildcard`, `version`, and `constant_keyword` data types. #1050 * Added support for marking fields, field sets, or field reuse as beta in the documentation. #1051 * Added support for `constant_keyword`'s optional parameter `value`. #1112 +* Added component templates for ECS field sets. #1156 #### Improvements From 85a825c865f288a435a42005f764713ab37922b7 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Tue, 8 Dec 2020 12:59:13 -0500 Subject: [PATCH 20/27] Rebuild artifacts for newly merged host metrics & multi-user --- .../elasticsearch/component/host.json | 50 +++++ generated/elasticsearch/component/user.json | 180 ++++++++++++++++++ 2 files changed, 230 insertions(+) diff --git a/experimental/generated/elasticsearch/component/host.json b/experimental/generated/elasticsearch/component/host.json index bcead9fd7..e5bf20b97 100644 --- a/experimental/generated/elasticsearch/component/host.json +++ b/experimental/generated/elasticsearch/component/host.json @@ -12,6 +12,32 @@ "ignore_above": 1024, "type": "keyword" }, + "cpu": { + "properties": { + "usage": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "disk": { + "properties": { + "read": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "write": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, "domain": { "ignore_above": 1024, "type": "keyword" @@ -68,6 +94,30 @@ "ignore_above": 1024, "type": "keyword" }, + "network": { + "properties": { + "egress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + }, + "ingress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + } + } + }, "os": { "properties": { "family": { diff --git a/generated/elasticsearch/component/user.json b/generated/elasticsearch/component/user.json index ebcc64976..f07896297 100644 
--- a/generated/elasticsearch/component/user.json +++ b/generated/elasticsearch/component/user.json @@ -8,10 +8,130 @@ "properties": { "user": { "properties": { + "changes": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, "domain": { "ignore_above": 1024, "type": "keyword" }, + "effective": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, "email": { "ignore_above": 1024, "type": "keyword" 
@@ -63,6 +183,66 @@ "roles": { "ignore_above": 1024, "type": "keyword" + }, + "target": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } } } } From 4407565d2f10b97307bec18e910002fd3d8f6dc8 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Tue, 8 Dec 2020 10:37:36 -0500 Subject: [PATCH 21/27] Fix typo Co-authored-by: Eric Beahan --- generated/elasticsearch/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generated/elasticsearch/README.md b/generated/elasticsearch/README.md index d79b783cd..269c47fee 100644 --- a/generated/elasticsearch/README.md +++ b/generated/elasticsearch/README.md @@ -24,7 +24,7 @@ The following instructions let you use either approach. ### Composable index templates -**Warning**: The artifacts based on coposable templates are newly introduced in the ECS repository. +**Warning**: The artifacts based on composable templates are newly introduced in the ECS repository. Please try them out and give us feedback if you encounter any issues. If you want to play with a specific version of ECS, check out the proper branch first. From 6f47df1ff8f4d7c87f55d4491ef2824135d0dd59 Mon Sep 17 00:00:00 2001 
From: Mathieu Martin Date: Tue, 8 Dec 2020 14:31:54 -0500 Subject: [PATCH 22/27] Rewrite the pointer to the ES templates in generated/README --- generated/README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/generated/README.md b/generated/README.md index 3972963ba..646b1adb6 100644 --- a/generated/README.md +++ b/generated/README.md @@ -18,9 +18,11 @@ in a spreadsheet. default values are filled in, all fields being reused elsewhere are made explicit, additional attributes are computed. -* `elasticsearch/{6,7}/template.json`: Sample Elasticsearch templates to get - started using ECS. Check out how to use them in - [generated/elasticsearch/README.md](elasticsearch). +* `elasticsearch/`: Reference Elasticsearch component templates and a sample legacy + all-in-one template to get started using ECS. Check out how to use them in + [generated/elasticsearch/README.md](elasticsearch). Note that you can adjust + the fields included in these templates by following instructions in + [USAGE.md](/USAGE.md) If you'd like to share your own generator with the ECS community, you're welcome to look at our [contribution guidelines](/CONTRIBUTING.md), and then at the From b0cd15a90ffd8cfdbff7e6701278c117f6c9a1cb Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Tue, 8 Dec 2020 14:41:19 -0500 Subject: [PATCH 23/27] Rewrite bullet points: - to start with a link instead of monospace file globs - add a bit of context to some of the artifacts --- generated/README.md | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/generated/README.md b/generated/README.md index 646b1adb6..abe116832 100644 --- a/generated/README.md +++ b/generated/README.md 
@@ -4,25 +4,26 @@ Various kinds of files or programs can be generated directly based on ECS. In this directory, you'll find the following: -* `beats/fields.ecs.yml`: The YAML field definition file used by Beats to import ECS in it's broader - field schema. +* [beats/fields.ecs.yml](beats/fields.ecs.yml): The YAML field definition file + used by Beats to import ECS in it's broader field schema. This might be useful + to community Beats maintainers. -* `csv/fields.csv`: A csv file you can use to import ECS field definitions -in a spreadsheet. +* [csv/fields.csv](csv/fields.csv): A csv file you can use to import ECS field + definitions in a spreadsheet. GitHub's csv rendering also lets you filter + the fields, too. -* `ecs/*.yml`: These are the files you should use, if you need to consume ECS - programmatically. This repo's artifact generators all operate based off of one - of these two representations (documentation, csv, Elasticsearch - template, etc). +* [ecs/\*.yml](ecs/*.yml): These are the files to use when you need to consume ECS + programmatically. The code generating the other ECS artifacts all operate on one + of these two representations (documentation, csv, Elasticsearch template, etc). The two files are the fully fleshed out representation of ECS: default values are filled in, all fields being reused elsewhere are made explicit, additional attributes are computed. -* `elasticsearch/`: Reference Elasticsearch component templates and a sample legacy - all-in-one template to get started using ECS. Check out how to use them in - [generated/elasticsearch/README.md](elasticsearch). Note that you can adjust - the fields included in these templates by following instructions in - [USAGE.md](/USAGE.md) +* [elasticsearch/](elasticsearch/): Reference Elasticsearch component templates + and a sample legacy all-in-one template to get started using ECS. + Check out how to use them in [elasticsearch/README.md](elasticsearch#readme). 
+ Note that you can customize the content of these templates by following the + instructions in [USAGE.md](/USAGE.md) If you'd like to share your own generator with the ECS community, you're welcome to look at our [contribution guidelines](/CONTRIBUTING.md), and then at the From 511413f63ac123c5686a3f4f07b482994583d194 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Tue, 8 Dec 2020 14:47:23 -0500 Subject: [PATCH 24/27] Adjust links a tad --- generated/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/generated/README.md b/generated/README.md index abe116832..80c7e7d65 100644 --- a/generated/README.md +++ b/generated/README.md @@ -12,14 +12,14 @@ In this directory, you'll find the following: definitions in a spreadsheet. GitHub's csv rendering also lets you filter the fields, too. -* [ecs/\*.yml](ecs/*.yml): These are the files to use when you need to consume ECS +* [ecs/\*.yml](ecs/): These are the files to use when you need to consume ECS programmatically. The code generating the other ECS artifacts all operate on one of these two representations (documentation, csv, Elasticsearch template, etc). The two files are the fully fleshed out representation of ECS: default values are filled in, all fields being reused elsewhere are made explicit, additional attributes are computed. -* [elasticsearch/](elasticsearch/): Reference Elasticsearch component templates +* [elasticsearch/](elasticsearch#readme): Reference Elasticsearch component templates and a sample legacy all-in-one template to get started using ECS. Check out how to use them in [elasticsearch/README.md](elasticsearch#readme). Note that you can customize the content of these templates by following the From 1297cd4716f0991ebed8bf8b8da1c15060981357 Mon Sep 17 00:00:00 2001 
From: Mathieu Martin Date: Tue, 8 Dec 2020 14:48:59 -0500 Subject: [PATCH 25/27] =?UTF-8?q?Emphasis=20mine=20=E2=9B=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- generated/README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/generated/README.md b/generated/README.md index 80c7e7d65..6fe651efc 100644 --- a/generated/README.md +++ b/generated/README.md 
@@ -5,21 +5,21 @@ Various kinds of files or programs can be generated directly based on ECS. In this directory, you'll find the following: * [beats/fields.ecs.yml](beats/fields.ecs.yml): The YAML field definition file - used by Beats to import ECS in it's broader field schema. This might be useful - to community Beats maintainers. + used by **Beats to import ECS** in it's broader field schema. This might also + be useful to community Beats maintainers. * [csv/fields.csv](csv/fields.csv): A csv file you can use to import ECS field - definitions in a spreadsheet. GitHub's csv rendering also lets you filter + definitions in a **spreadsheet**. GitHub's csv rendering also lets you filter the fields, too. -* [ecs/\*.yml](ecs/): These are the files to use when you need to consume ECS - programmatically. The code generating the other ECS artifacts all operate on one +* [ecs/\*.yml](ecs/): These are the files to use when you need to **consume ECS + programmatically**. The code generating the other ECS artifacts all operate on one of these two representations (documentation, csv, Elasticsearch template, etc). The two files are the fully fleshed out representation of ECS: default values are filled in, all fields being reused elsewhere are made explicit, additional attributes are computed. -* [elasticsearch/](elasticsearch#readme): Reference Elasticsearch component templates +* [elasticsearch/](elasticsearch#readme): Reference Elasticsearch **component templates** and a sample legacy all-in-one template to get started using ECS. Check out how to use them in [elasticsearch/README.md](elasticsearch#readme). Note that you can customize the content of these templates by following the From 41551a6ca202de9710d6e121ae3c04d93bd37777 Mon Sep 17 00:00:00 2001 
From: Mathieu Martin Date: Tue, 8 Dec 2020 14:56:41 -0500 Subject: [PATCH 26/27] Better explain how to interpret the templates - component = reference - all-in-ones (legacy and composable) = sample templates --- generated/elasticsearch/README.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/generated/elasticsearch/README.md b/generated/elasticsearch/README.md index 269c47fee..4ad26d45d 100644 --- a/generated/elasticsearch/README.md +++ b/generated/elasticsearch/README.md @@ -6,7 +6,14 @@ point for experimentation. When you're ready to customize this template to the precise needs of your use case, please check out [USAGE.md](../../USAGE.md). -## Notes on index naming +The component index templates described below should be considered reference templates for ECS. + +The composable template that brings them together, and the legacy all-in-one index +template should be considered sample templates. Both of them include all ECS fields, +which is great for experimentation, but is not actually recommended. The best practice +is to craft your index templates to contain only the field you needs. + +## Index naming These sample Elasticsearch templates will apply to any index named `try-ecs-*`. This is good for experimentation. @@ -22,7 +29,7 @@ as the new default way to craft index templates. The following instructions let you use either approach. -### Composable index templates +### Composable and component index templates **Warning**: The artifacts based on composable templates are newly introduced in the ECS repository. Please try them out and give us feedback if you encounter any issues. 
@@ -59,10 +66,11 @@ done ``` A component template for each ECS field set is now loaded. You could stop here and -craft a composable template with the settings you need, that loads only the ECS +craft a composable template with the settings you need, which loads only the ECS fields your index needs via `composed_of`. You can look at [template.json](template.json) for an example. -If you'd like to load this sample composable template for experimentation: +If you'd like, you can load a sample composable template that contains all ECS fields, +for experimentation: ```bash api="_index_template/try-ecs" From fa0fc7619ff1838455caca432bbe1db078e07f4f Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Tue, 8 Dec 2020 15:59:09 -0500 Subject: [PATCH 27/27] Remove one of the two ways of saying 'also' --- generated/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generated/README.md b/generated/README.md index 6fe651efc..89b5f34a9 100644 --- a/generated/README.md +++ b/generated/README.md @@ -9,7 +9,7 @@ In this directory, you'll find the following: be useful to community Beats maintainers. * [csv/fields.csv](csv/fields.csv): A csv file you can use to import ECS field - definitions in a **spreadsheet**. GitHub's csv rendering also lets you filter + definitions in a **spreadsheet**. GitHub's csv rendering lets you filter the fields, too. * [ecs/\*.yml](ecs/): These are the files to use when you need to **consume ECS