Fields

GET - /mapi/fields

Returns the (very long) list of fields known to Malcolm, comprised of data from Arkime’s fields table, the Malcolm OpenSearch template and the OpenSearch Dashboards index pattern API.

Example output:

{
    "fields": {
        "@timestamp": {
            "type": "date"
        },
…
        "zeek.x509.san_uri": {
            "description": "Subject Alternative Name URI",
            "type": "string"
        },
        "zeek.x509.san_uri.text": {
            "type": "string"
        }
    },
    "total": 2005
}