From 3fba27a0d469ea8ff8828f492125e0639c1926c2 Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 22 Mar 2023 20:45:33 +0000 Subject: [PATCH] Ensure component template files are in the correct directory --- .../so-data-streams-mappings.json | 0 .../{ => elastic-agent}/so-logs-mappings.json | 0 .../{ => elastic-agent}/so-logs-settings.json | 0 .../logs-elastic_agent.apm_server@custom.json | 12 - ...logs-elastic_agent.apm_server@package.json | 505 ----------------- .../logs-elastic_agent.auditbeat@custom.json | 12 - .../logs-elastic_agent.auditbeat@package.json | 505 ----------------- .../logs-elastic_agent.cloudbeat@custom.json | 12 - .../logs-elastic_agent.cloudbeat@package.json | 510 ------------------ ...lastic_agent.endpoint_security@custom.json | 12 - ...astic_agent.endpoint_security@package.json | 505 ----------------- .../logs-elastic_agent.filebeat@custom.json | 12 - .../logs-elastic_agent.filebeat@package.json | 505 ----------------- ...ogs-elastic_agent.fleet_server@custom.json | 12 - ...gs-elastic_agent.fleet_server@package.json | 505 ----------------- .../logs-elastic_agent.heartbeat@custom.json | 12 - .../logs-elastic_agent.heartbeat@package.json | 505 ----------------- .../logs-elastic_agent.metricbeat@custom.json | 12 - ...logs-elastic_agent.metricbeat@package.json | 505 ----------------- ...logs-elastic_agent.osquerybeat@custom.json | 12 - ...ogs-elastic_agent.osquerybeat@package.json | 505 ----------------- .../logs-elastic_agent.packetbeat@custom.json | 12 - ...logs-elastic_agent.packetbeat@package.json | 498 ----------------- .../component/logs-elastic_agent@custom.json | 12 - .../component/logs-elastic_agent@package.json | 505 ----------------- .../so-fleet_agent_id_verification-1.json | 67 --- .../component/so-fleet_globals-1.json | 66 --- 27 files changed, 5818 deletions(-) rename salt/elasticsearch/templates/component/{ => elastic-agent}/so-data-streams-mappings.json (100%) rename salt/elasticsearch/templates/component/{ => elastic-agent}/so-logs-mappings.json (100%) rename salt/elasticsearch/templates/component/{ => elastic-agent}/so-logs-settings.json (100%) delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.apm_server@custom.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.apm_server@package.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.auditbeat@custom.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.auditbeat@package.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.cloudbeat@custom.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.cloudbeat@package.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.endpoint_security@custom.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.endpoint_security@package.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.filebeat@custom.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.filebeat@package.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.fleet_server@custom.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.fleet_server@package.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.heartbeat@custom.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.heartbeat@package.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.metricbeat@custom.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.metricbeat@package.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.osquerybeat@custom.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.osquerybeat@package.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.packetbeat@custom.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent.packetbeat@package.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent@custom.json delete mode 100644 salt/elasticsearch/templates/component/logs-elastic_agent@package.json delete mode 100644 salt/elasticsearch/templates/component/so-fleet_agent_id_verification-1.json delete mode 100644 salt/elasticsearch/templates/component/so-fleet_globals-1.json diff --git a/salt/elasticsearch/templates/component/so-data-streams-mappings.json b/salt/elasticsearch/templates/component/elastic-agent/so-data-streams-mappings.json similarity index 100% rename from salt/elasticsearch/templates/component/so-data-streams-mappings.json rename to salt/elasticsearch/templates/component/elastic-agent/so-data-streams-mappings.json diff --git a/salt/elasticsearch/templates/component/so-logs-mappings.json b/salt/elasticsearch/templates/component/elastic-agent/so-logs-mappings.json similarity index 100% rename from salt/elasticsearch/templates/component/so-logs-mappings.json rename to salt/elasticsearch/templates/component/elastic-agent/so-logs-mappings.json diff --git a/salt/elasticsearch/templates/component/so-logs-settings.json b/salt/elasticsearch/templates/component/elastic-agent/so-logs-settings.json similarity index 100% rename from salt/elasticsearch/templates/component/so-logs-settings.json rename to salt/elasticsearch/templates/component/elastic-agent/so-logs-settings.json diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.apm_server@custom.json b/salt/elasticsearch/templates/component/logs-elastic_agent.apm_server@custom.json deleted file mode 100644 index fe77af1db..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.apm_server@custom.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.apm_server@package.json b/salt/elasticsearch/templates/component/logs-elastic_agent.apm_server@package.json deleted file mode 100644 index 9fd8c928f..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.apm_server@package.json +++ /dev/null @@ -1,505 +0,0 @@ -{ - "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - }, - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.os.build", - "host.os.codename", - "host.type", - "log.level", - "message", - "elastic_agent.id", - "elastic_agent.process", - "elastic_agent.version" - ] - } - } - }, - "mappings": { - "dynamic": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - -"security": { -"type": "text", -"analyzer": "es_security_analyzer"}, - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "elastic_agent": { - "properties": { - "process": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "snapshot": { - "type": "boolean" - } - } - }, - "event": { - "properties": { - "dataset": { - "type": "constant_keyword" - } - } - }, - "message": { - "type": "text" - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.auditbeat@custom.json b/salt/elasticsearch/templates/component/logs-elastic_agent.auditbeat@custom.json deleted file mode 100644 index fe77af1db..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.auditbeat@custom.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.auditbeat@package.json b/salt/elasticsearch/templates/component/logs-elastic_agent.auditbeat@package.json deleted file mode 100644 index 9fd8c928f..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.auditbeat@package.json +++ /dev/null @@ -1,505 +0,0 @@ -{ - "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - }, - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.os.build", - "host.os.codename", - "host.type", - "log.level", - "message", - "elastic_agent.id", - "elastic_agent.process", - "elastic_agent.version" - ] - } - } - }, - "mappings": { - "dynamic": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - -"security": { -"type": "text", -"analyzer": "es_security_analyzer"}, - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "elastic_agent": { - "properties": { - "process": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "snapshot": { - "type": "boolean" - } - } - }, - "event": { - "properties": { - "dataset": { - "type": "constant_keyword" - } - } - }, - "message": { - "type": "text" - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.cloudbeat@custom.json b/salt/elasticsearch/templates/component/logs-elastic_agent.cloudbeat@custom.json deleted file mode 100644 index fe77af1db..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.cloudbeat@custom.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.cloudbeat@package.json b/salt/elasticsearch/templates/component/logs-elastic_agent.cloudbeat@package.json deleted file mode 100644 index c4874ed3c..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.cloudbeat@package.json +++ /dev/null @@ -1,510 +0,0 @@ -{ - "template": { - "settings": { -"analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - }, - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.os.build", - "host.os.codename", - "host.type", - "elastic_agent.id", - "elastic_agent.process", - "elastic_agent.version" - ] - } - } - }, - "mappings": { - "dynamic": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - -"security": { -"type": "text", -"analyzer": "es_security_analyzer"}, - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "elastic_agent": { - "properties": { - "process": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "snapshot": { - "type": "boolean" - } - } - }, - "event": { - "properties": { - "dataset": { - "type": "constant_keyword" - } - } - }, - "message": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.endpoint_security@custom.json b/salt/elasticsearch/templates/component/logs-elastic_agent.endpoint_security@custom.json deleted file mode 100644 index fe77af1db..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.endpoint_security@custom.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.endpoint_security@package.json b/salt/elasticsearch/templates/component/logs-elastic_agent.endpoint_security@package.json deleted file mode 100644 index 36978b0d8..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.endpoint_security@package.json +++ /dev/null @@ -1,505 +0,0 @@ -{ - "template": { - "settings": { -"analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - }, - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.os.build", - "host.os.codename", - "host.type", - "log.level", - "message", - "elastic_agent.id", - "elastic_agent.process", - "elastic_agent.version" - ] - } - } - }, - "mappings": { - "dynamic": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - -"security": { -"type": "text", -"analyzer": "es_security_analyzer"}, - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "elastic_agent": { - "properties": { - "process": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "snapshot": { - "type": "boolean" - } - } - }, - "event": { - "properties": { - "dataset": { - "type": "constant_keyword" - } - } - }, - "message": { - "type": "text" - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.filebeat@custom.json b/salt/elasticsearch/templates/component/logs-elastic_agent.filebeat@custom.json deleted file mode 100644 index fe77af1db..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.filebeat@custom.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.filebeat@package.json b/salt/elasticsearch/templates/component/logs-elastic_agent.filebeat@package.json deleted file mode 100644 index 36978b0d8..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.filebeat@package.json +++ /dev/null @@ -1,505 +0,0 @@ -{ - "template": { - "settings": { -"analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - }, - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.os.build", - "host.os.codename", - "host.type", - "log.level", - "message", - "elastic_agent.id", - "elastic_agent.process", - "elastic_agent.version" - ] - } - } - }, - "mappings": { - "dynamic": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - -"security": { -"type": "text", -"analyzer": "es_security_analyzer"}, - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "elastic_agent": { - "properties": { - "process": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "snapshot": { - "type": "boolean" - } - } - }, - "event": { - "properties": { - "dataset": { - "type": "constant_keyword" - } - } - }, - "message": { - "type": "text" - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.fleet_server@custom.json b/salt/elasticsearch/templates/component/logs-elastic_agent.fleet_server@custom.json deleted file mode 100644 index fe77af1db..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.fleet_server@custom.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.fleet_server@package.json b/salt/elasticsearch/templates/component/logs-elastic_agent.fleet_server@package.json deleted file mode 100644 index 36978b0d8..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.fleet_server@package.json +++ /dev/null @@ -1,505 +0,0 @@ -{ - "template": { - "settings": { -"analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - }, - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.os.build", - "host.os.codename", - "host.type", - "log.level", - "message", - "elastic_agent.id", - "elastic_agent.process", - "elastic_agent.version" - ] - } - } - }, - "mappings": { - "dynamic": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - -"security": { -"type": "text", -"analyzer": "es_security_analyzer"}, - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "elastic_agent": { - "properties": { - "process": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "snapshot": { - "type": "boolean" - } - } - }, - "event": { - "properties": { - "dataset": { - "type": "constant_keyword" - } - } - }, - "message": { - "type": "text" - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.heartbeat@custom.json b/salt/elasticsearch/templates/component/logs-elastic_agent.heartbeat@custom.json deleted file mode 100644 index fe77af1db..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.heartbeat@custom.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.heartbeat@package.json b/salt/elasticsearch/templates/component/logs-elastic_agent.heartbeat@package.json deleted file mode 100644 index f353ac542..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.heartbeat@package.json +++ /dev/null @@ -1,505 +0,0 @@ -{ - "template": { - "settings": { -"analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - }, - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.os.build", - "host.os.codename", - "host.type", - "log.level", - "message", - "elastic_agent.id", - "elastic_agent.process", - "elastic_agent.version" - ] - } - } - }, - "mappings": { - "dynamic": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - -"security": { -"type": "text", -"analyzer": "es_security_analyzer"}, - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "elastic_agent": { - "properties": { - "process": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "snapshot": { - "type": "boolean" - } - } - }, - "message": { - "type": "text" - }, - "event": { - "properties": { - "dataset": { - "type": "constant_keyword" - } - } - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.metricbeat@custom.json b/salt/elasticsearch/templates/component/logs-elastic_agent.metricbeat@custom.json deleted file mode 100644 index fe77af1db..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.metricbeat@custom.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.metricbeat@package.json b/salt/elasticsearch/templates/component/logs-elastic_agent.metricbeat@package.json deleted file mode 100644 index 36978b0d8..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.metricbeat@package.json +++ /dev/null @@ -1,505 +0,0 @@ -{ - "template": { - "settings": { -"analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - }, - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.os.build", - "host.os.codename", - "host.type", - "log.level", - "message", - "elastic_agent.id", - "elastic_agent.process", - "elastic_agent.version" - ] - } - } - }, - "mappings": { - "dynamic": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - -"security": { -"type": "text", -"analyzer": "es_security_analyzer"}, - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "elastic_agent": { - "properties": { - "process": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "snapshot": { - "type": "boolean" - } - } - }, - "event": { - "properties": { - "dataset": { - "type": "constant_keyword" - } - } - }, - "message": { - "type": "text" - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.osquerybeat@custom.json b/salt/elasticsearch/templates/component/logs-elastic_agent.osquerybeat@custom.json deleted file mode 100644 index fe77af1db..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.osquerybeat@custom.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.osquerybeat@package.json b/salt/elasticsearch/templates/component/logs-elastic_agent.osquerybeat@package.json deleted file mode 100644 index 36978b0d8..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.osquerybeat@package.json +++ /dev/null @@ -1,505 +0,0 @@ -{ - "template": { - "settings": { -"analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - }, - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.os.build", - "host.os.codename", - "host.type", - "log.level", - "message", - "elastic_agent.id", - "elastic_agent.process", - "elastic_agent.version" - ] - } - } - }, - "mappings": { - "dynamic": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - -"security": { -"type": "text", -"analyzer": "es_security_analyzer"}, - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "elastic_agent": { - "properties": { - "process": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "snapshot": { - "type": "boolean" - } - } - }, - "event": { - "properties": { - "dataset": { - "type": "constant_keyword" - } - } - }, - "message": { - "type": "text" - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.packetbeat@custom.json b/salt/elasticsearch/templates/component/logs-elastic_agent.packetbeat@custom.json deleted file mode 100644 index fe77af1db..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.packetbeat@custom.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent.packetbeat@package.json b/salt/elasticsearch/templates/component/logs-elastic_agent.packetbeat@package.json deleted file mode 100644 index 9e593d3f8..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent.packetbeat@package.json +++ /dev/null @@ -1,498 +0,0 @@ -{ - "template": { - "settings": { -"analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - }, - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.os.build", - "host.os.codename", - "host.type", - "log.level", - "message", - "elastic_agent.id", - "elastic_agent.process", - "elastic_agent.version" - ] - } - } - }, - "mappings": { - "dynamic": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - -"security": { -"type": "text", -"analyzer": "es_security_analyzer"}, - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "elastic_agent": { - "properties": { - "process": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "snapshot": { - "type": "boolean" - } - } - }, - "message": { - "type": "text" - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent@custom.json b/salt/elasticsearch/templates/component/logs-elastic_agent@custom.json deleted file mode 100644 index fe77af1db..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent@custom.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/logs-elastic_agent@package.json b/salt/elasticsearch/templates/component/logs-elastic_agent@package.json deleted file mode 100644 index 7df3309b1..000000000 --- a/salt/elasticsearch/templates/component/logs-elastic_agent@package.json +++ /dev/null @@ -1,505 +0,0 @@ -{ - "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - }, - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.os.build", - "host.os.codename", - "host.type", - "log.level", - "message", - "elastic_agent.id", - "elastic_agent.process", - "elastic_agent.version" - ] - } - } - }, - "mappings": { - "dynamic": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - -"security": { -"type": "text", -"analyzer": "es_security_analyzer"}, - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "type": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - } - } - }, - "elastic_agent": { - "properties": { - "process": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "id": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" -, -"fields": { -"security": { -"type": "text", -"analyzer": "es_security_analyzer"} -} - }, - "snapshot": { - "type": "boolean" - } - } - }, - "event": { - "properties": { - "dataset": { - "type": "constant_keyword" - } - } - }, - "message": { - "type": "text" - } - } - } - }, - "_meta": { - "package": { - "name": "elastic_agent" - }, - "managed_by": "fleet", - "managed": true - } -} diff --git a/salt/elasticsearch/templates/component/so-fleet_agent_id_verification-1.json b/salt/elasticsearch/templates/component/so-fleet_agent_id_verification-1.json deleted file mode 100644 index e2548d539..000000000 --- a/salt/elasticsearch/templates/component/so-fleet_agent_id_verification-1.json +++ /dev/null @@ -1,67 +0,0 @@ -{ - "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - }, - "index": { - "final_pipeline": ".fleet_final_pipeline-1" - } - }, - "mappings": { - "properties": { - "event": { - "properties": { - "agent_id_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "ingested": { - "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis", - "type": "date" - } - } - } - } - } - }, - "_meta": { - "managed_by": "fleet", - "managed": true - } - } diff --git a/salt/elasticsearch/templates/component/so-fleet_globals-1.json b/salt/elasticsearch/templates/component/so-fleet_globals-1.json deleted file mode 100644 index e1529ba82..000000000 --- a/salt/elasticsearch/templates/component/so-fleet_globals-1.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, - "mappings": { - "_meta": { - "managed_by": "security_onion", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ], - "date_detection": false - } - }, - "_meta": { - "managed_by": "security_onion", - "managed": true - } - }