Initial support for local lookup

2025-12-10 03:02:58 +01:00 · 2024-10-29 10:27:54 -04:00
parent 6a3e5415cf
commit 4c5099d429
3 changed files with 84 additions and 26 deletions
--- a/salt/logstash/pipelines/config/so/9805_output_elastic_agent.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9805_output_elastic_agent.conf.jinja
@@ -1,18 +1,45 @@
 output {
-  if "elastic-agent" in [tags] {
-    if [metadata][pipeline] {
-      if [metadata][_id] {
-        elasticsearch {
-          hosts => "{{ GLOBALS.hostname }}"
-          ecs_compatibility => v8
-          data_stream => true
-          user => "{{ ES_USER }}"
-          password => "{{ ES_PASS }}"
-          document_id => "%{[metadata][_id]}"
-          pipeline => "%{[metadata][pipeline]}"
-          silence_errors_in_log => ["version_conflict_engine_exception"]
-          ssl => true
-          ssl_certificate_verification => false
+  if "elastic-agent" in [tags] and "so-ip-mappings" in [tags] {
+    elasticsearch {
+      hosts => "{{ GLOBALS.hostname }}"
+      data_stream => false
+      user => "{{ ES_USER }}"
+      password => "{{ ES_PASS }}"
+      document_id => "%{[metadata][_id]}"
+      index => "so-ip-mappings"
+      silence_errors_in_log => ["version_conflict_engine_exception"]
+      ssl => true
+      ssl_certificate_verification => false
+    }
+  }
+  else {
+    if "elastic-agent" in [tags] {
+      if [metadata][pipeline] {
+        if [metadata][_id] {
+          elasticsearch {
+            hosts => "{{ GLOBALS.hostname }}"
+            ecs_compatibility => v8
+            data_stream => true
+            user => "{{ ES_USER }}"
+            password => "{{ ES_PASS }}"
+            document_id => "%{[metadata][_id]}"
+            pipeline => "%{[metadata][pipeline]}"
+            silence_errors_in_log => ["version_conflict_engine_exception"]
+            ssl => true
+            ssl_certificate_verification => false
+          }
+        }
+        else {
+          elasticsearch {
+            hosts => "{{ GLOBALS.hostname }}"
+            ecs_compatibility => v8
+            data_stream => true
+            user => "{{ ES_USER }}"
+            password => "{{ ES_PASS }}"
+            pipeline => "%{[metadata][pipeline]}"
+            ssl => true
+            ssl_certificate_verification => false
+          }
        }
      }
      else {
@@ -22,22 +49,10 @@ output {
          data_stream => true
          user => "{{ ES_USER }}"
          password => "{{ ES_PASS }}"
-          pipeline => "%{[metadata][pipeline]}"
          ssl => true
          ssl_certificate_verification => false
        }
      }
    }
-    else {
-      elasticsearch {
-        hosts => "{{ GLOBALS.hostname }}"
-        ecs_compatibility => v8
-        data_stream => true
-        user => "{{ ES_USER }}"
-        password => "{{ ES_PASS }}"
-        ssl => true
-        ssl_certificate_verification => false
-      }
-    }
  }
 }