Merge pull request #15028 from Security-Onion-Solutions/reyesj2/ea-alerter

agent monitor template & dataset name update
2025-12-06 17:22:49 +01:00 · 2025-09-12 14:45:20 -05:00
parent bb984e05e3 0606c0a454
commit 4d24c57903
2 changed files with 4 additions and 6 deletions
--- a/salt/elasticfleet/files/integrations/grid-nodes_general/elastic-agent-monitor.json
+++ b/salt/elasticfleet/files/integrations/grid-nodes_general/elastic-agent-monitor.json
@@ -21,7 +21,7 @@
            "paths": [
              "/opt/so/log/agents/agent-monitor.log"
            ],
-            "data_stream.dataset": "agent-monitor",
+            "data_stream.dataset": "agentmonitor",
            "pipeline": "elasticagent.monitor",
            "parsers": "",
            "exclude_files": [
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -1323,7 +1323,7 @@ elasticsearch:
              set_priority:
                priority: 50
            min_age: 30d
-    so-logs-agent-monitor:
+    so-elastic-agent-monitor:
      index_sorting: false
      index_template:
        composed_of:
@@ -1335,10 +1335,8 @@ elasticsearch:
        data_stream:
          allow_custom_routing: false
          hidden: false
-        ignore_missing_component_templates:
-        - logs-agent-monitor@custom
        index_patterns:
-        - logs-agent-monitor-*
+        - logs-agentmonitor-*
        priority: 501
        template:
          mappings:
@@ -1350,7 +1348,7 @@ elasticsearch:
          settings:
            index:
              lifecycle:
-                name: so-logs-agent-monitor-logs
+                name: so-elastic-agent-monitor-logs
              mapping:
                total_fields:
                  limit: 5000