CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Modify Logstash Elastic Agent output to accomodate for events with and without 'metadata.pipeline'

Browse Source
This commit is contained in:
Wes
2023-01-11 13:57:32 +00:00
parent caf0ea6b53
commit 5d86edeed4
1 changed files with 22 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
salt/logstash/pipelines/config/so/9805_output_elastic_agent.conf.jinja
View File

@@ -1,14 +1,28 @@
output { output {
if "elastic-agent" in [tags] and "import" not in [tags] { if "elastic-agent" in [tags] and "import" not in [tags] {
elasticsearch { if [metadata][pipeline] {
hosts => "{{ GLOBALS.manager }}" elasticsearch {
ecs_compatibility => v8 hosts => "{{ GLOBALS.manager }}"
data_stream => true ecs_compatibility => v8
user => "{{ ES_USER }}" data_stream => true
password => "{{ ES_PASS }}" user => "{{ ES_USER }}"
ssl => true password => "{{ ES_PASS }}"
ssl_certificate_verification => false pipeline => "%{[metadata][pipeline]}"
ssl => true
ssl_certificate_verification => false
}
} }
else {
elasticsearch {
hosts => "{{ GLOBALS.manager }}"
ecs_compatibility => v8
data_stream => true
user => "{{ ES_USER }}"
password => "{{ ES_PASS }}"
ssl => true
ssl_certificate_verification => false
}
}
} }
} }