CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't predefine index date for Filebeat ES outputs

Browse Source
This commit is contained in:
Wes Lambert
2020-10-12 15:44:00 +00:00
parent 884cc2d054
commit 4fc4913d1e
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
salt/filebeat/etc/filebeat.yml
View File

@@ -82,7 +82,7 @@ filebeat.inputs:
module: syslog
dataset: syslog
pipeline: "syslog"
index: "so-syslog-%{+yyyy.MM.dd}"
index: "so-syslog"
processors:
- drop_fields:
fields: ["source", "prospector", "input", "offset", "beat"]
@@ -95,7 +95,7 @@ filebeat.inputs:
module: syslog
dataset: syslog
pipeline: "syslog"
index: "so-syslog-%{+yyyy.MM.dd}"
index: "so-syslog"
processors:
- drop_fields:
fields: ["source", "prospector", "input", "offset", "beat"]
@@ -259,22 +259,22 @@ output.elasticsearch:
pipelines:
- pipeline: "%{[module]}.%{[dataset]}"
indices:
- index: "so-import-%{+yyyy.MM.dd}"
- index: "so-import"
when.contains:
tags: "import"
- index: "so-zeek-%{+yyyy.MM.dd}"
- index: "so-zeek"
when.contains:
module: "zeek"
- index: "so-ids-%{+yyyy.MM.dd}"
- index: "so-ids"
when.contains:
module: "suricata"
- index: "so-ossec-%{+yyyy.MM.dd}"
- index: "so-ossec"
when.contains:
module: "ossec"
- index: "so-osquery-%{+yyyy.MM.dd}"
- index: "so-osquery"
when.contains:
module: "osquery"
- index: "so-strelka-%{+yyyy.MM.dd}"
- index: "so-strelka"
when.contains:
module: "strelka"