Mapping API / index pattern

Yes, mapping APIs support data streams and index patterns. However, the endpoint you are using to create mappings, /_plugins/_security_analytics/mappings, is specific to the OpenSearch Security Analytics plugin and may not work with data streams. Additionally, you should use the POST method instead of PUT.

Here’s an example of how you can create a mapping using the correct endpoint and method:

POST /_plugins/_security_analytics/mapping
{
  "index_name": "ntd.hunt-dns",
  "mappings": {
    "properties": {
      "dns-response-code": {
        "type": "alias",
        "path": "dns.response.code"
      }
    }
  }
}

This endpoint supports data streams, so you can use it with data stream names as well.