Fleet metric annotations

2025-12-08 10:12:53 +01:00 · 2024-07-09 15:39:59 +00:00
parent 8615e5d5ea
commit 669f68ad88
1 changed files with 70 additions and 0 deletions
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -530,6 +530,76 @@ elasticsearch:
    so-strelka: *indexSettings
    so-syslog: *indexSettings
    so-zeek: *indexSettings
    so-metrics-fleet_server_x_agent_status: &fleetMetricsSettings
      index_sorting:
        description: Sorts the index by event time, at the cost of additional processing resource consumption.
        advanced: True
        readonly: True
        helpLink: elasticsearch.html
      index_template:
        ignore_missing_component_templates:
          description: Ignore component templates if they aren't in Elasticsearch.
          forcedType: "[]string"
          multiline: True
          global: True
          advanced: True
          readonly: True
          helpLink: elasticsearch.html
        index_patterns:
          description: Patterns for matching multiple indices or tables.
          forceType: "[]string"
          multiline: True
          global: True
          advanced: True
          readonly: True
          helpLink: elasticsearch.html
        template:
          settings:
            index:
              mode:
                description: Type of mode used for this index. Time series indices can be used for metrics to reduce necessary storage.
                forcedType: string
                global: True
                advanced: True
                readonly: True
                helpLink: elasticsearch.html
              number_of_replicas:
                description: Number of replicas required for this index. Multiple replicas protects against data loss, but also increases storage costs.
                forcedType: int
                global: True
                advanced: True
                readonly: True
                helpLink: elasticsearch.html
        composed_of:
          description: The index template is composed of these component templates.
          forcedType: "[]string"
          global: True
          advanced: True
          readonly: True
          helpLink: elasticsearch.html
        priority:
          description: The priority of the index template.
          forcedType: int
          global: True
          advanced: True
          readonly: True
          helpLink: elasticsearch.html
        data_stream:
          hidden:
            description: Hide the data stream.
            forcedType: bool
            global: True
            advanced: True
            readonly: True
            helpLink: elasticsearch.html
          allow_custom_routing:
            description: Allow custom routing for the data stream.
            forcedType: bool
            global: True
            advanced: True
            readonly: True
            helpLink: elasticsearch.html
    so-metrics-fleet_server_x_agent_versions: *fleetMetricsSettings
  so_roles:
    so-manager: &soroleSettings
      config: