PUT _template/microsoft.dns
{
  "index_patterns": ["microsoft.dns-*"],
  "version": 1,
  "order": 1,
  "settings": {
    "number_of_shards": 1, 
    "number_of_replicas": 1, 
    "index": {
      "refresh_interval": "5s",
      "lifecycle": {
        "name": "microsoft.dns",
          "rollover_alias": "microsoft.dns"
      }
    }
  }, 
  "mappings": {
    "numeric_detection": true,
    "properties": {
      "source": {
        "properties": {
         "ip": {
          "type": "ip"
          }
        }
      },
      "destination": {
        "properties": {
          "ip": {
            "type": "ip"
          }
        }
      },
      "dns": {
        "properties": {
          "resolved_ip": {
            "type": "ip"
          },
          "id": {
            "type": "keyword"
          }
        }
      },
      "related": {
        "properties": {
          "ip": {
            "type": "ip"
          }
        }
      }
    }
  }
}