CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Modify default 'logs-*' template priority

Browse Source
This commit is contained in:
weslambert
2023-01-18 17:24:07 -05:00
committed by GitHub
parent 1bf088e976
commit 7a499c9051
1 changed files with 61 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
salt/elasticsearch/defaults.yaml
View File

@@ -57,6 +57,67 @@ elasticsearch:
elasticsearch: elasticsearch:
deprecation: ERROR deprecation: ERROR
index_settings: index_settings:
so-logs:
index_sorting: False
index_template:
index_patterns:
- "logs-*"
data_stream:
hidden: false
allow_custom_routing: false
template:
settings:
index:
number_of_replicas: 0
lifecycle:
name: logs
codec: best_compression
routing:
allocation:
include:
_tier_preferences: data_hot
query:
default_field:
- message
mappings:
dynamic_templates:
- match_ip:
match: ip
match_mapping_type: string
mapping:
allow_custom_routing: false
template:
settings:
index:
number_of_replicas: 0
lifecycle:
name: logs
codec: best_compression
routing:
allocation:
include:
_tier_preferences: data_hot
query:
default_field:
- message
mappings:
dynamic_templates:
- match_ip:
match: ip
match_mapping_type: string
mapping:
type: ip
- match_message:
match: message
match_mapping_type: string
mapping:
type: match_only_text
- strings_as_keyword:
match_mapping_type: string
mapping:
ignore_above: 1024
type: keyword
priority: 125
so-logs-elastic_agent.apm_server: so-logs-elastic_agent.apm_server:
index_sorting: False index_sorting: False
index_template: index_template: