move templates from logstash to elasticsearch

pillar/elasticsearch/search.sls

@@ -0,0 +1,13 @@
+elasticsearch:
+  templates:
+    - so/so-beats-template.json.jinja
+    - so/so-common-template.json
+    - so/so-firewall-template.json.jinja
+    - so/so-flow-template.json.jinja
+    - so/so-ids-template.json.jinja
+    - so/so-import-template.json.jinja
+    - so/so-osquery-template.json.jinja
+    - so/so-ossec-template.json.jinja
+    - so/so-strelka-template.json.jinja
+    - so/so-syslog-template.json.jinja
+    - so/so-zeek-template.json.jinja

pillar/logstash/eval.sls

@@ -1,29 +0,0 @@
-logstash:
-  pipelines:
-    eval:
-      config:
-        - so/0800_input_eval.conf
-        - so/1002_preprocess_json.conf
-        - so/1033_preprocess_snort.conf
-        - so/7100_osquery_wel.conf
-        - so/8999_postprocess_rename_type.conf
-        - so/9000_output_bro.conf.jinja
-        - so/9002_output_import.conf.jinja
-        - so/9033_output_snort.conf.jinja
-        - so/9100_output_osquery.conf.jinja
-        - so/9400_output_suricata.conf.jinja
-        - so/9500_output_beats.conf.jinja
-        - so/9600_output_ossec.conf.jinja
-        - so/9700_output_strelka.conf.jinja
-  templates:
-    - so/so-beats-template.json.jinja
-    - so/so-common-template.json
-    - so/so-firewall-template.json.jinja
-    - so/so-flow-template.json.jinja
-    - so/so-ids-template.json.jinja
-    - so/so-import-template.json.jinja
-    - so/so-osquery-template.json.jinja
-    - so/so-ossec-template.json.jinja
-    - so/so-strelka-template.json.jinja
-    - so/so-syslog-template.json.jinja
-    - so/so-zeek-template.json.jinja

pillar/logstash/search.sls

@@ -11,15 +11,3 @@ logstash:
         - so/9500_output_beats.conf.jinja
         - so/9600_output_ossec.conf.jinja
         - so/9700_output_strelka.conf.jinja
-  templates:
-    - so/so-beats-template.json.jinja
-    - so/so-common-template.json
-    - so/so-firewall-template.json.jinja
-    - so/so-flow-template.json.jinja
-    - so/so-ids-template.json.jinja
-    - so/so-import-template.json.jinja
-    - so/so-osquery-template.json.jinja
-    - so/so-ossec-template.json.jinja
-    - so/so-strelka-template.json.jinja
-    - so/so-syslog-template.json.jinja
-    - so/so-zeek-template.json.jinja

pillar/top.sls

@@ -11,6 +11,7 @@ base:
     - logstash
     - logstash.manager
     - logstash.search
+    - elasticsearch.search
 
   '*_sensor':
     - static
@@ -41,6 +42,7 @@ base:
     - logstash
     - logstash.manager
     - logstash.search
+    - elasticsearch.search
     - data.*
     - brologs
     - secrets
@@ -75,4 +77,5 @@ base:
     - static
     - logstash
     - logstash.search
+    - elasticsearch.search
     - minions.{{ grains.id }}