From 05aa8b013aff434ec4109e8adbe71a5aa8eb1c8a Mon Sep 17 00:00:00 2001
From: Wes
Date: Fri, 19 Jan 2024 22:02:39 +0000
Subject: [PATCH] Add additional integration to templates
---
 salt/elasticsearch/defaults.yaml | 440 +++++++++++++++++++++++++++++++
 1 file changed, 440 insertions(+)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 45b4b7d94..e35cec326 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -2537,6 +2537,270 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
+ so-logs-citrix_adc_x_interface:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-citrix_adc.interface-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-citrix_adc.interface-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-citrix_adc.interface@package"
+ - "logs-citrix_adc.interface@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-citrix_adc_x_lbvserver:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-citrix_adc.lbvserver-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-citrix_adc.lbvserver-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-citrix_adc.lbvserver@package"
+ - "logs-citrix_adc.lbvserver@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-citrix_adc_x_service:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-citrix_adc.service-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-citrix_adc.service-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-citrix_adc.service@package"
+ - "logs-citrix_adc.service@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-citrix_adc_x_system:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-citrix_adc.system-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-citrix_adc.system-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-citrix_adc.system@package"
+ - "logs-citrix_adc.system@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-citrix_adc_x_vpn:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-citrix_adc.vpn-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-citrix_adc.vpn-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-citrix_adc.vpn@package"
+ - "logs-citrix_adc.vpn@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-citrix_waf_x_log:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-citrix_waf.log-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-citrix_waf.log-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-citrix_waf.log@package"
+ - "logs-citrix_waf.log@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-logs-cloudflare_x_audit:
 index_sorting: false
 index_template:
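Review bot: Nothing in the added stanzas documents that Citrix ADC VPN and WAF logs are kept as a single shard copy (`number_of_replicas: 0`) and removed by the delete phase at `min_age: 365d`. These streams are evidence an investigation may need, so a comment above the first stanza such as `# defaults: one shard copy, deleted 365d after rollover; raise both where retention policy requires it` would make the trade-off visible. The same values are repeated in the nginx and winlog hunks, and they presumably mirror the existing entries, which lie outside the diff. Separately, every added stanza writes `index_sorting: False` while `hidden: false` in the same stanza and the `so-logs-cloudflare_x_audit` context line use lowercase; `index_sorting: false` would keep one boolean spelling in the file.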
@@ -6659,6 +6923,138 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
+ so-logs-nginx_x_access:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-nginx.access-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-nginx.access-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-nginx.access@package"
+ - "logs-nginx.access@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-nginx_x_error:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-nginx.error-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-nginx.error-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-nginx.error@package"
+ - "logs-nginx.error@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-metrics-nginx_x_stubstatus:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "metrics-nginx.stubstatus-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-metrics-nginx.stubstatus-logs
+ number_of_replicas: 0
+ composed_of:
+ - "metrics-nginx.stubstatus@package"
+ - "metrics-nginx.stubstatus@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-logs-o365_x_audit:
 index_sorting: false
 index_template:
@@ -8854,6 +9250,50 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
+ so-logs-winlog_x_winlog:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-winlog.winlog-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-winlog.winlog-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-winlog.winlog@package"
+ - "logs-winlog.winlog@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-logs-zscaler_zia_x_alerts:
 index_sorting: false
 index_template:
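Review bot: In the nginx hunk, the `so-metrics-nginx_x_stubstatus` stanza names its lifecycle policy `so-metrics-nginx.stubstatus-logs`, so a metrics data stream carries a `-logs` suffix that reads like a copy-paste slip from the two log stanzas above it. The other `so-metrics-*` entries are outside this diff, so it is not visible whether the suffix is a fixed convention for every policy name. If it is, a comment on that line such as `# policy names end in -logs for metrics streams too` would stop a later reader from renaming it; if it is not, the name should be corrected before the policy exists on deployed systems.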