diff --git a/salt/elasticsearch/templates/index/so/so-aws-template.json.jinja b/salt/elasticsearch/templates/index/so/so-aws-template.json.jinja
deleted file mode 100644
index 9751fb0f3..000000000
--- a/salt/elasticsearch/templates/index/so/so-aws-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-aws:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-aws:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-aws:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-aws:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-aws*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "aws-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-azure-template.json.jinja b/salt/elasticsearch/templates/index/so/so-azure-template.json.jinja
deleted file mode 100644
index f663e0b82..000000000
--- a/salt/elasticsearch/templates/index/so/so-azure-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-azure:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-azure:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-azure:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-azure:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-azure*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "azure-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-barracuda-template.json.jinja b/salt/elasticsearch/templates/index/so/so-barracuda-template.json.jinja
deleted file mode 100644
index bde70c190..000000000
--- a/salt/elasticsearch/templates/index/so/so-barracuda-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-barracuda*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-beats-template.json.jinja b/salt/elasticsearch/templates/index/so/so-beats-template.json.jinja
deleted file mode 100644
index 5f935d65b..000000000
--- a/salt/elasticsearch/templates/index/so/so-beats-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-beats:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-beats:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-beats:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-beats:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-beats*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings",
- "winlog-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-bluecoat-template.json.jinja b/salt/elasticsearch/templates/index/so/so-bluecoat-template.json.jinja
deleted file mode 100644
index e0b69f24d..000000000
--- a/salt/elasticsearch/templates/index/so/so-bluecoat-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-bluecoat*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-case-template.json.jinja b/salt/elasticsearch/templates/index/so/so-case-template.json.jinja
deleted file mode 100644
index 3e526979d..000000000
--- a/salt/elasticsearch/templates/index/so/so-case-template.json.jinja
+++ /dev/null
@@ -1,53 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-case:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-case:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-case:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-case:field_limit', 2000) %}
-{
- "index_patterns": [
- "so-case*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "case-mappings",
- "case-settings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes Cases fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-cef-template.json.jinja b/salt/elasticsearch/templates/index/so/so-cef-template.json.jinja
deleted file mode 100644
index 84e175a88..000000000
--- a/salt/elasticsearch/templates/index/so/so-cef-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-cef:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-cef:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-cef:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-cef:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-cef*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "cef-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-checkpoint-template.json.jinja b/salt/elasticsearch/templates/index/so/so-checkpoint-template.json.jinja
deleted file mode 100644
index ee76932d4..000000000
--- a/salt/elasticsearch/templates/index/so/so-checkpoint-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-checkpoint*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "checkpoint-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-cisco-template.json.jinja b/salt/elasticsearch/templates/index/so/so-cisco-template.json.jinja
deleted file mode 100644
index 6b8396815..000000000
--- a/salt/elasticsearch/templates/index/so/so-cisco-template.json.jinja
+++ /dev/null
@@ -1,106 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-cisco:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-cisco:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-cisco:field_limit', 3000) %}
-{
- "index_templates": [
- {
- "so-cisco*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "cisco-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-common-template.json.jinja b/salt/elasticsearch/templates/index/so/so-common-template.json.jinja
deleted file mode 100644
index f549f6289..000000000
--- a/salt/elasticsearch/templates/index/so/so-common-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-common:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-common:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-common:priority', 1) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-common:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "sort.field": "@timestamp",
- "sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "so-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-cyberark-template.json.jinja b/salt/elasticsearch/templates/index/so/so-cyberark-template.json.jinja
deleted file mode 100644
index 6644f274b..000000000
--- a/salt/elasticsearch/templates/index/so/so-cyberark-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-cyberark*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "cyberark-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-cylance-template.json.jinja b/salt/elasticsearch/templates/index/so/so-cylance-template.json.jinja
deleted file mode 100644
index 910fea825..000000000
--- a/salt/elasticsearch/templates/index/so/so-cylance-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-cylance:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-cylance:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-cylance:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-cylance*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-elasticsearch-template.json.jinja b/salt/elasticsearch/templates/index/so/so-elasticsearch-template.json.jinja
deleted file mode 100644
index 62c9e1597..000000000
--- a/salt/elasticsearch/templates/index/so/so-elasticsearch-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-elasticsearch*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "elasticsearch-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-endgame-template.json.jinja b/salt/elasticsearch/templates/index/so/so-endgame-template.json.jinja
deleted file mode 100644
index 9de433b05..000000000
--- a/salt/elasticsearch/templates/index/so/so-endgame-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-endgame:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-endgame:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-endgame:field_limit', 3000) %}
-{
- "index_patterns": [
- "endgame*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "endgame-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-f5-template.json.jinja b/salt/elasticsearch/templates/index/so/so-f5-template.json.jinja
deleted file mode 100644
index 6a558742f..000000000
--- a/salt/elasticsearch/templates/index/so/so-f5-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-f5:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-f5:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-f5:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-f5:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-f5*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-firewall-template.json.jinja b/salt/elasticsearch/templates/index/so/so-firewall-template.json.jinja
deleted file mode 100644
index cf489278e..000000000
--- a/salt/elasticsearch/templates/index/so/so-firewall-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-firewall:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-firewall:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-firewall:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-firewall*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-flow-template.json.jinja b/salt/elasticsearch/templates/index/so/so-flow-template.json.jinja
deleted file mode 100644
index 1fb892487..000000000
--- a/salt/elasticsearch/templates/index/so/so-flow-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-flow:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-flow:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-flow:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-flow:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-flow*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-fortinet-template.json.jinja b/salt/elasticsearch/templates/index/so/so-fortinet-template.json.jinja
deleted file mode 100644
index d04193d31..000000000
--- a/salt/elasticsearch/templates/index/so/so-fortinet-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-fortinet*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "fortinet-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-gcp-template.json.jinja b/salt/elasticsearch/templates/index/so/so-gcp-template.json.jinja
deleted file mode 100644
index 78a39f158..000000000
--- a/salt/elasticsearch/templates/index/so/so-gcp-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-gcp:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-gcp:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-gcp:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-gcp*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "gcp-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-google_workspace-template.json.jinja b/salt/elasticsearch/templates/index/so/so-google_workspace-template.json.jinja
deleted file mode 100644
index 1aa207d57..000000000
--- a/salt/elasticsearch/templates/index/so/so-google_workspace-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-google_workspace*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "google_workspace-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-ids-template.json.jinja b/salt/elasticsearch/templates/index/so/so-ids-template.json.jinja
deleted file mode 100644
index 400567e3e..000000000
--- a/salt/elasticsearch/templates/index/so/so-ids-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-ids:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-ids:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-ids:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-ids:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-ids*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "suricata-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-imperva-template.json.jinja b/salt/elasticsearch/templates/index/so/so-imperva-template.json.jinja
deleted file mode 100644
index bdc399121..000000000
--- a/salt/elasticsearch/templates/index/so/so-imperva-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-imperva:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-imperva:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-imperva:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-imperva*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-import-template.json.jinja b/salt/elasticsearch/templates/index/so/so-import-template.json.jinja
deleted file mode 100644
index d449009c9..000000000
--- a/salt/elasticsearch/templates/index/so/so-import-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-import:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-import:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-import:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-import:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-import*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-infoblox-template.json.jinja b/salt/elasticsearch/templates/index/so/so-infoblox-template.json.jinja
deleted file mode 100644
index f8e070b25..000000000
--- a/salt/elasticsearch/templates/index/so/so-infoblox-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-infoblox*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-juniper-template.json.jinja b/salt/elasticsearch/templates/index/so/so-juniper-template.json.jinja
deleted file mode 100644
index a1aaa5cd0..000000000
--- a/salt/elasticsearch/templates/index/so/so-juniper-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-juniper:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-juniper:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-juniper:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-juniper:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-juniper*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "juniper-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-kibana-template.json.jinja b/salt/elasticsearch/templates/index/so/so-kibana-template.json.jinja
deleted file mode 100644
index 670c934eb..000000000
--- a/salt/elasticsearch/templates/index/so/so-kibana-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-kibana:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-kibana:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-kibana:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-kibana*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "kibana-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-logstash-template.json.jinja b/salt/elasticsearch/templates/index/so/so-logstash-template.json.jinja
deleted file mode 100644
index b9744a01e..000000000
--- a/salt/elasticsearch/templates/index/so/so-logstash-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-logstash:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-logstash:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-logstash:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-logstash*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "logstash-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-microsoft-template.json.jinja b/salt/elasticsearch/templates/index/so/so-microsoft-template.json.jinja
deleted file mode 100644
index d0b7d2cbb..000000000
--- a/salt/elasticsearch/templates/index/so/so-microsoft-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-microsoft*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "microsoft-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-misp-template.json.jinja b/salt/elasticsearch/templates/index/so/so-misp-template.json.jinja
deleted file mode 100644
index 046ffa6e7..000000000
--- a/salt/elasticsearch/templates/index/so/so-misp-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-misp:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-misp:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-misp:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-misp:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-misp*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "misp-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-netflow-template.json.jinja b/salt/elasticsearch/templates/index/so/so-netflow-template.json.jinja
deleted file mode 100644
index e7d09abb7..000000000
--- a/salt/elasticsearch/templates/index/so/so-netflow-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-netflow:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-netflow:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-netflow:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-netflow*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "netflow-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-netscout-template.json.jinja b/salt/elasticsearch/templates/index/so/so-netscout-template.json.jinja
deleted file mode 100644
index 7670d5659..000000000
--- a/salt/elasticsearch/templates/index/so/so-netscout-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-netscout:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-netscout:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-netscout:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-netscout*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-o365-template.json.jinja b/salt/elasticsearch/templates/index/so/so-o365-template.json.jinja
deleted file mode 100644
index da688ea75..000000000
--- a/salt/elasticsearch/templates/index/so/so-o365-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-o365:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-o365:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-o365:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-o365:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-o365*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "o365-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-okta-template.json.jinja b/salt/elasticsearch/templates/index/so/so-okta-template.json.jinja
deleted file mode 100644
index 26488c4b2..000000000
--- a/salt/elasticsearch/templates/index/so/so-okta-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-okta:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-okta:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-okta:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-okta:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-okta*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "okta-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-osquery-template.json.jinja b/salt/elasticsearch/templates/index/so/so-osquery-template.json.jinja
deleted file mode 100644
index a7459abc3..000000000
--- a/salt/elasticsearch/templates/index/so/so-osquery-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-osquery:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-osquery:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-osquery:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-osquery*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings",
- "winlog-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-ossec-template.json.jinja b/salt/elasticsearch/templates/index/so/so-ossec-template.json.jinja
deleted file mode 100644
index 3f78942c3..000000000
--- a/salt/elasticsearch/templates/index/so/so-ossec-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-ossec:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-ossec:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-ossec:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-ossec*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings",
- "winlog-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-proofpoint-template.json.jinja b/salt/elasticsearch/templates/index/so/so-proofpoint-template.json.jinja
deleted file mode 100644
index a75ebc600..000000000
--- a/salt/elasticsearch/templates/index/so/so-proofpoint-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-proofpoint*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-radware-template.json.jinja b/salt/elasticsearch/templates/index/so/so-radware-template.json.jinja
deleted file mode 100644
index 19b7081e1..000000000
--- a/salt/elasticsearch/templates/index/so/so-radware-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-radware:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-radware:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-radware:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-radware:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-radware*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-redis-template.json.jinja b/salt/elasticsearch/templates/index/so/so-redis-template.json.jinja
deleted file mode 100644
index 8cf1a3777..000000000
--- a/salt/elasticsearch/templates/index/so/so-redis-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-redis:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-redis:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-redis:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-redis:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-redis*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "redis-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-snort-template.json.jinja b/salt/elasticsearch/templates/index/so/so-snort-template.json.jinja
deleted file mode 100644
index 63b2506f0..000000000
--- a/salt/elasticsearch/templates/index/so/so-snort-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-snort:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-snort:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-snort:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-snort:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-snort*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-snyk-template.json.jinja b/salt/elasticsearch/templates/index/so/so-snyk-template.json.jinja
deleted file mode 100644
index 42cff57ce..000000000
--- a/salt/elasticsearch/templates/index/so/so-snyk-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-snyk:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-snyk:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-snyk:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-snyk:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-snyk*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "snyk-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-sonicwall-template.json.jinja b/salt/elasticsearch/templates/index/so/so-sonicwall-template.json.jinja
deleted file mode 100644
index f2b9c558d..000000000
--- a/salt/elasticsearch/templates/index/so/so-sonicwall-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-i%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-sonicwall*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-sophos-template.json.jinja b/salt/elasticsearch/templates/index/so/so-sophos-template.json.jinja
deleted file mode 100644
index c8c95f178..000000000
--- a/salt/elasticsearch/templates/index/so/so-sophos-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-sophos:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-sophos:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-sophos:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-sophos:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-sophos*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "sophos-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-squid-template.json.jinja b/salt/elasticsearch/templates/index/so/so-squid-template.json.jinja
deleted file mode 100644
index 3ec8fe067..000000000
--- a/salt/elasticsearch/templates/index/so/so-squid-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-squid:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-squid:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-squid:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-squid:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-squid*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-strelka-template.json.jinja b/salt/elasticsearch/templates/index/so/so-strelka-template.json.jinja
deleted file mode 100644
index 06783d3e8..000000000
--- a/salt/elasticsearch/templates/index/so/so-strelka-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-strelka:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-strelka:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-strelka:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-strelka:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-strelka*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "so-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-syslog-template.json.jinja b/salt/elasticsearch/templates/index/so/so-syslog-template.json.jinja
deleted file mode 100644
index 41215e262..000000000
--- a/salt/elasticsearch/templates/index/so/so-syslog-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-syslog:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-syslog:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-syslog:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-syslog*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "syslog-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-tomcat-template.json.jinja b/salt/elasticsearch/templates/index/so/so-tomcat-template.json.jinja
deleted file mode 100644
index af48c7540..000000000
--- a/salt/elasticsearch/templates/index/so/so-tomcat-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-tomcat*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-zeek-template.json.jinja b/salt/elasticsearch/templates/index/so/so-zeek-template.json.jinja
deleted file mode 100644
index 35f842a9c..000000000
--- a/salt/elasticsearch/templates/index/so/so-zeek-template.json.jinja
+++ /dev/null
@@ -1,105 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-zeek:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-zeek:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-zeek:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-zeek*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "zeek-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }
diff --git a/salt/elasticsearch/templates/index/so/so-zscaler-template.json.jinja b/salt/elasticsearch/templates/index/so/so-zscaler-template.json.jinja
deleted file mode 100644
index abb475b6f..000000000
--- a/salt/elasticsearch/templates/index/so/so-zscaler-template.json.jinja
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
-{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
-{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:shards', 1) %}
-{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:refresh', '30s') %}
-{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:priority', 500) %}
-{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:field_limit', 3000) %}
-{
- "index_patterns": [
- "so-zscaler*"
- ],
- "template": {
- "mappings": {
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false
- },
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": {{ FIELD_LIMIT }}
- }
- },
- {%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
- {%- endif %}
- "refresh_interval": "{{ REFRESH }}",
- "number_of_shards": {{ SHARDS }},
- "number_of_replicas": {{ REPLICAS }}
- }
- }
- },
- "composed_of": [
- "agent-mappings",
- "dtc-agent-mappings",
- "base-mappings",
- "dtc-base-mappings",
- "client-mappings",
- "cloud-mappings",
- "container-mappings",
- "data_stream-mappings",
- "destination-mappings",
- "dll-mappings",
- "dns-mappings",
- "dtc-dns-mappings",
- "ecs-mappings",
- "dtc-ecs-mappings",
- "error-mappings",
- "event-mappings",
- "dtc-event-mappings",
- "file-mappings",
- "dtc-file-mappings",
- "group-mappings",
- "host-mappings",
- "dtc-host-mappings",
- "http-mappings",
- "dtc-http-mappings",
- "log-mappings",
- "network-mappings",
- "dtc-network-mappings",
- "observer-mappings",
- "dtc-observer-mappings",
- "orchestrator-mappings",
- "organization-mappings",
- "package-mappings",
- "process-mappings",
- "dtc-process-mappings",
- "registry-mappings",
- "related-mappings",
- "rule-mappings",
- "dtc-rule-mappings",
- "server-mappings",
- "service-mappings",
- "dtc-service-mappings",
- "source-mappings",
- "threat-mappings",
- "tls-mappings",
- "tracing-mappings",
- "url-mappings",
- "user_agent-mappings",
- "dtc-user_agent-mappings",
- "user-mappings",
- "dtc-user-mappings",
- "vulnerability-mappings",
- "common-settings",
- "common-dynamic-mappings"
- ],
- "priority": {{ PRIORITY }},
- "_meta": {
- "description": "Composable template that includes SO base fields",
- "ecs_version": "1.12"
- }
- }
- }