diff --git a/salt/elasticfleet/defaults.yaml b/salt/elasticfleet/defaults.yaml index bce028235..952662600 100644 --- a/salt/elasticfleet/defaults.yaml +++ b/salt/elasticfleet/defaults.yaml @@ -53,6 +53,7 @@ elasticfleet: - citrix_adc - citrix_waf - cloudflare + - cloudflare_logpush - crowdstrike - darktrace - elastic_agent diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml index 22da47337..45ac8d1ea 100644 --- a/salt/elasticsearch/defaults.yaml +++ b/salt/elasticsearch/defaults.yaml 
@@ -3671,6 +3671,834 @@ elasticsearch: set_priority: priority: 50 min_age: 30d + so-logs-cloudflare_logpush_x_access_request: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.access_request@package + - logs-cloudflare_logpush.access_request@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.access_request@custom + index_patterns: + - logs-cloudflare_logpush.access_request-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.access_request-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_audit: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.audit@package + - logs-cloudflare_logpush.audit@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.audit@custom + index_patterns: + - logs-cloudflare_logpush.audit-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.audit-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_casb: + index_sorting: false + index_template: + composed_of: + - 
logs-cloudflare_logpush.casb@package + - logs-cloudflare_logpush.casb@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.casb@custom + index_patterns: + - logs-cloudflare_logpush.casb-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.casb-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_device_posture: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.device_posture@package + - logs-cloudflare_logpush.device_posture@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.device_posture@custom + index_patterns: + - logs-cloudflare_logpush.device_posture-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.device_posture-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_dns: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.dns@package + - logs-cloudflare_logpush.dns@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + 
allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.dns@custom + index_patterns: + - logs-cloudflare_logpush.dns-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.dns-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_dns_firewall: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.dns_firewall@package + - logs-cloudflare_logpush.dns_firewall@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.dns_firewall@custom + index_patterns: + - logs-cloudflare_logpush.dns_firewall-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.dns_firewall-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_firewall_event: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.firewall_event@package + - logs-cloudflare_logpush.firewall_event@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.firewall_event@custom + index_patterns: + - 
logs-cloudflare_logpush.firewall_event-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.firewall_event-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_gateway_dns: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.gateway_dns@package + - logs-cloudflare_logpush.gateway_dns@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.gateway_dns@custom + index_patterns: + - logs-cloudflare_logpush.gateway_dns-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.gateway_dns-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_gateway_http: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.gateway_http@package + - logs-cloudflare_logpush.gateway_http@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.gateway_http@custom + index_patterns: + - logs-cloudflare_logpush.gateway_http-* + priority: 501 + template: + settings: + index: + lifecycle: + name: 
so-logs-cloudflare_logpush.gateway_http-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_gateway_network: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.gateway_network@package + - logs-cloudflare_logpush.gateway_network@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.gateway_network@custom + index_patterns: + - logs-cloudflare_logpush.gateway_network-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.gateway_network-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_http_request: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.http_request@package + - logs-cloudflare_logpush.http_request@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.http_request@custom + index_patterns: + - logs-cloudflare_logpush.http_request-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.http_request-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + 
priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_magic_ids: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.magic_ids@package + - logs-cloudflare_logpush.magic_ids@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.magic_ids@custom + index_patterns: + - logs-cloudflare_logpush.magic_ids-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.magic_ids-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_nel_report: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.nel_report@package + - logs-cloudflare_logpush.nel_report@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.nel_report@custom + index_patterns: + - logs-cloudflare_logpush.nel_report-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.nel_report-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + 
priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_network_analytics: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.network_analytics@package + - logs-cloudflare_logpush.network_analytics@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.network_analytics@custom + index_patterns: + - logs-cloudflare_logpush.network_analytics-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.network_analytics-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_network_session: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.network_session@package + - logs-cloudflare_logpush.network_session@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.network_session@custom + index_patterns: + - logs-cloudflare_logpush.network_session-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.network_session-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + 
so-logs-cloudflare_logpush_x_sinkhole_http: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.sinkhole_http@package + - logs-cloudflare_logpush.sinkhole_http@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.sinkhole_http@custom + index_patterns: + - logs-cloudflare_logpush.sinkhole_http-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.sinkhole_http-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_spectrum_event: + index_sorting: false + index_template: + composed_of: + - logs-cloudflare_logpush.spectrum_event@package + - logs-cloudflare_logpush.spectrum_event@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.spectrum_event@custom + index_patterns: + - logs-cloudflare_logpush.spectrum_event-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.spectrum_event-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d + so-logs-cloudflare_logpush_x_workers_trace: + index_sorting: false + index_template: + composed_of: + - 
logs-cloudflare_logpush.workers_trace@package + - logs-cloudflare_logpush.workers_trace@custom + - so-fleet_globals-1 + - so-fleet_agent_id_verification-1 + data_stream: + hidden: false + allow_custom_routing: false + ignore_missing_component_templates: + - logs-cloudflare_logpush.workers_trace@custom + index_patterns: + - logs-cloudflare_logpush.workers_trace-* + priority: 501 + template: + settings: + index: + lifecycle: + name: so-logs-cloudflare_logpush.workers_trace-logs + number_of_replicas: 0 + policy: + phases: + cold: + actions: + set_priority: + priority: 0 + min_age: 60d + delete: + actions: + delete: {} + min_age: 365d + hot: + actions: + rollover: + max_age: 30d + max_primary_shard_size: 50gb + set_priority: + priority: 100 + min_age: 0ms + warm: + actions: + set_priority: + priority: 50 + min_age: 30d so-logs-crowdstrike_x_alert: index_sorting: False index_template: diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.access_request@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.access_request@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.access_request@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.audit@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.audit@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null 
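Review bot: All nineteen new `so-logs-cloudflare_logpush_x_*` entries carry the same policy, so `audit` and `access_request`, the datasets most likely to be needed as evidence in an investigation, get `number_of_replicas: 0` and `delete` at `min_age: 365d`, exactly like the high-volume `http_request` and `network_analytics` streams. With no replica, losing one data node loses that history, and the uniform 365d cut-off may not match the retention required for audit data. The enclosing `elasticsearch:` mapping starts outside the hunk, so this may simply be the project default; the only neighbouring entries visible are the context lines. If it is the default, a comment above the first entry would record the decision, e.g. `# cloudflare_logpush: default ILM (0 replicas, delete at 365d) applied to all datasets incl. audit/access_request - confirm against retention requirements`. As a style point, the new entries write `index_sorting: false` while the following context entry `so-logs-crowdstrike_x_alert` writes `False`; both load as the same boolean, but one spelling per file is easier to grep.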
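Review bot: The four `"type": "ip"` mappings in this new component template (`host.ip`, `related.ip`, `destination.ip`, `source.ip`) are strict by default, so a document carrying a non-IP value in any of them is rejected at index time and the event never reaches the data stream. For a security log source that is a detection gap. Whether the matching `@package` template already maps these fields the same way is not visible here. If the strictness is not intended, `"ignore_malformed": true` next to each `"type": "ip"` would drop only the bad field and keep the event. The same applies to the other eighteen `logs-cloudflare_logpush.*@custom.json` files added in this commit (audit through workers_trace). All of them share blob `17319ab9f`, so they are byte-identical, and rendering them from one source file would keep them from drifting apart.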
+++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.audit@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.casb@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.casb@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.casb@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.device_posture@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.device_posture@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.device_posture@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} 
diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.dns@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.dns@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.dns@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.dns_firewall@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.dns_firewall@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.dns_firewall@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.firewall_event@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.firewall_event@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.firewall_event@custom.json 
@@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_dns@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_dns@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_dns@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_http@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_http@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_http@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} 
diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_network@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_network@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.gateway_network@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.http_request@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.http_request@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.http_request@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.magic_ids@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.magic_ids@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.magic_ids@custom.json 
@@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.nel_report@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.nel_report@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.nel_report@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.network_analytics@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.network_analytics@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.network_analytics@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} 
diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.network_session@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.network_session@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.network_session@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.sinkhole_http@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.sinkhole_http@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.sinkhole_http@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.spectrum_event@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.spectrum_event@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.spectrum_event@custom.json 
@@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +} diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.workers_trace@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.workers_trace@custom.json new file mode 100644 index 000000000..17319ab9f --- /dev/null +++ b/salt/elasticsearch/templates/component/elastic-agent/logs-cloudflare_logpush.workers_trace@custom.json @@ -0,0 +1,36 @@ +{ + "template": { + "mappings": { + "properties": { + "host": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "related": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "destination": { + "properties":{ + "ip": { + "type": "ip" + } + } + }, + "source": { + "properties":{ + "ip": { + "type": "ip" + } + } + } + } + } + } +}