CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15201 from Security-Onion-Solutions/reyesj2-patch-5

Browse Source 
update so-elasticsearch-retention-estimate
This commit is contained in:
Jorge Reyes
2025-11-06 08:18:38 -06:00
committed by GitHub
parent f859fe6517 1aa871ec94
commit 202b03b32b
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
salt/elasticsearch/tools/sbin/so-elasticsearch-retention-estimate
View File

@@ -41,13 +41,13 @@ create_temp_file() {
} }
log_title() { log_title() {
if [ $1 == "LOG" ]; then if [ "$1" == "LOG" ]; then
echo -e "\n${BOLD}================ $2 ================${NC}\n" echo -e "\n${BOLD}================ $2 ================${NC}\n"
elif [ $1 == "OK" ]; then elif [ "$1" == "OK" ]; then
echo -e "${GREEN} $2 ${NC}" echo -e "${GREEN} $2 ${NC}"
elif [ $1 == "WARN" ]; then elif [ "$1" == "WARN" ]; then
echo -e "${YELLOW} $2 ${NC}" echo -e "${YELLOW} $2 ${NC}"
elif [ $1 == "ERROR" ]; then elif [ "$1" == "ERROR" ]; then
echo -e "${RED} $2 ${NC}" echo -e "${RED} $2 ${NC}"
fi fi
} }
@@ -756,7 +756,7 @@ if [ "$should_trigger_recommendations" = true ]; then
ilm_output=$(so-elasticsearch-query "${index}/_ilm/explain" --fail 2>/dev/null) || true ilm_output=$(so-elasticsearch-query "${index}/_ilm/explain" --fail 2>/dev/null) || true
if [ -n "$ilm_output" ]; then if [ -n "$ilm_output" ]; then
policy=$(echo "$ilm_output" | jq -r ".indices.\"$index\".policy // empty" 2>/dev/null) policy=$(echo "$ilm_output" | jq --arg idx "$index" -r ".indices[$idx].policy // empty" 2>/dev/null)
fi fi
if [ -n "$policy" ] && [ -n "${policy_ages[$policy]:-}" ]; then if [ -n "$policy" ] && [ -n "${policy_ages[$policy]:-}" ]; then
delete_min_age=${policy_ages[$policy]} delete_min_age=${policy_ages[$policy]}
@@ -1134,8 +1134,9 @@ else
for i in "${!scheduled_indices_names[@]}"; do for i in "${!scheduled_indices_names[@]}"; do
sorted_indices+=("${scheduled_indices_days[$i]}|${scheduled_indices_names[$i]}|${scheduled_indices_sizes[$i]}") sorted_indices+=("${scheduled_indices_days[$i]}|${scheduled_indices_names[$i]}|${scheduled_indices_sizes[$i]}")
done done
OLD_IFS="$IFS"
IFS=$'\n' sorted_indices=($(sort -t'|' -k1 -n <<<"${sorted_indices[*]}")) IFS=$'\n' sorted_indices=($(sort -t'|' -k1 -n <<<"${sorted_indices[*]}"))
unset IFS IFS="$OLD_IFS"
for entry in "${sorted_indices[@]}"; do for entry in "${sorted_indices[@]}"; do
IFS='|' read -r days_until index_name size_bytes <<< "$entry" IFS='|' read -r days_until index_name size_bytes <<< "$entry"