CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

use auto_expand_replica, configure ilm for so-case* & so-detection*

Browse Source 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
This commit is contained in:
reyesj2
2024-11-11 13:51:48 -06:00
parent f7c3957a43
commit 6dbe0645e5
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
salt/elasticsearch/defaults.yaml
View File

@@ -111,15 +111,23 @@ elasticsearch:
match_mapping_type: string
settings:
index:
lifecycle:
name: so-case-logs
mapping:
total_fields:
limit: 1500
number_of_replicas: 0
auto_expand_replicas: 0-2
number_of_shards: 1
refresh_interval: 30s
sort:
field: '@timestamp'
order: desc
policy:
phases:
hot:
actions: {}
min_age: 0ms
so-common:
close: 30
delete: 365
@@ -258,15 +266,23 @@ elasticsearch:
match_mapping_type: string
settings:
index:
lifecycle:
name: so-detection-logs
mapping:
total_fields:
limit: 1500
number_of_replicas: 0
auto_expand_replicas: 0-2
number_of_shards: 1
refresh_interval: 30s
sort:
field: '@timestamp'
order: desc
policy:
phases:
hot:
actions: {}
min_age: 0ms
so-endgame:
index_sorting: false
index_template:

11
salt/manager/tools/sbin/soup
View File

@@ -520,7 +520,16 @@ post_to_2.4.110() {
}
post_to_2.4.120() {
echo "Nothing to apply"
for idx in "so-detection" "so-detectionhistory" "so-case" "so-casehistory"; do
JSON_STRING=$( jq -n \
--arg INDEX_NAME "$idx" \
'{"settings": {"index.auto_expand_replicas":"0-2","index.lifecycle.name":($INDEX_NAME) + "-logs"}}'
)
echo "Updating $idx index settings"
retry 5 15 "so-elasticsearch-query $idx/_settings -d "$JSON_STRING" -XPUT| grep '{\"acknowledged\":true}'"
echo ""
done
POSTVERSION=2.4.120
}