From 70f109af86a6cee8ae88362ff363cddaf3ff74ec Mon Sep 17 00:00:00 2001
From: Wes Lambert <wlambertts@gmail.com>
Date: Tue, 17 Mar 2020 21:29:28 +0000
Subject: [PATCH 1/2] elastic changes

---
 salt/kibana/etc/kibana.yml                                  | 2 +-
 .../pipelines/config/so/9600_output_ossec.conf.jinja        | 6 +++---
 .../pipelines/config/so/9700_output_strelka.conf.jinja      | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/salt/kibana/etc/kibana.yml b/salt/kibana/etc/kibana.yml
index cdf102d12..b6b87dc2d 100644
--- a/salt/kibana/etc/kibana.yml
+++ b/salt/kibana/etc/kibana.yml
@@ -4,7 +4,7 @@
 server.name: kibana
 server.host: "0"
 server.basePath: /kibana
-elasticsearch.url: http://{{ ES }}:9200
+elasticsearch.hosts: [ "http://{{ ES }}:9200" ]
 #kibana.index: ".kibana"
 #elasticsearch.username: elastic
 #elasticsearch.password: changeme
diff --git a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
index 28391b29a..b32cb44df 100644
--- a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
@@ -21,9 +21,9 @@ output {
     elasticsearch {
       pipeline => "%{event_type}"
       hosts => "{{ ES }}"
-      index => "so-ossec-%{+YYYY.MM.dd}"
-      template_name => "so-ossec"
-      template => "/so-ossec-template.json"
+      index => "so-common-%{+YYYY.MM.dd}"
+      template_name => "so-common"
+      template => "/so-common-template.json"
       template_overwrite => true
     }
   }
diff --git a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
index 48ed75f72..6c498c2bb 100644
--- a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
@@ -20,9 +20,9 @@ output {
   if [event_type] =~ "strelka" {
     elasticsearch {
       hosts => "{{ ES }}"
-      index => "so-strelka-%{+YYYY.MM.dd}"
-      template_name => "so-strelka"
-      template => "/so-strelka-template.json"
+      index => "so-common-%{+YYYY.MM.dd}"
+      template_name => "so-common"
+      template => "/so-common-template.json"
       template_overwrite => true
     }
   }

From 4eac285fd9160672752b94328410650fee36fa78 Mon Sep 17 00:00:00 2001
From: Wes Lambert <wlambertts@gmail.com>
Date: Tue, 17 Mar 2020 21:31:19 +0000
Subject: [PATCH 2/2] change soversion

---
 setup/so-functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/so-functions b/setup/so-functions
index 1f33c22d6..bebac46c6 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -743,7 +743,7 @@ master_static() {
   touch /opt/so/saltstack/pillar/static.sls
 
   echo "static:" > /opt/so/saltstack/pillar/static.sls
-  echo "  soversion: HH1.1.4" >> /opt/so/saltstack/pillar/static.sls
+  echo "  soversion: HH1.2.1" >> /opt/so/saltstack/pillar/static.sls
   echo "  hnmaster: $HNMASTER" >> /opt/so/saltstack/pillar/static.sls
   echo "  ntpserver: $NTPSERVER" >> /opt/so/saltstack/pillar/static.sls
   echo "  proxy: $PROXY" >> /opt/so/saltstack/pillar/static.sls