From 86d60e444d483c170e4039a716d593b11e337dcf Mon Sep 17 00:00:00 2001
From: Wes
Date: Thu, 8 Sep 2022 00:20:22 +0000
Subject: [PATCH] Add Elastic Agent index/template configuration to defaults file
---
 salt/elasticsearch/defaults.yaml | 374 +++++++++++++++++++++++++++++++
 1 file changed, 374 insertions(+)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 830d1372c..6fa356c61 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -60,6 +60,380 @@ elasticsearch:
 elasticsearch:
 deprecation: ERROR
 index_settings:
+ so-logs-elastic_agent.apm_server:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-elastic_agent.apm_server-*"
+ template:
+ settings:
+ index:
+ mapping:
+ total_fields:
+ limit: 5000
+ sort:
+ field: "@timestamp"
+ order: desc
+ mappings:
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ composed_of:
+ - "so-logs-elastic_agent.apm_server@package"
+ - "so-logs-elastic_agent.apm_server@custom"
+ - ".fleet_globals-1"
+ - ".fleet_agent_id_verification-1"
+ priority: 500
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-elastic_agent.auditbeat:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-elastic_agent.auditbeat-*"
+ template:
+ settings:
+ index:
+ mapping:
+ total_fields:
+ limit: 5000
+ sort:
+ field: "@timestamp"
+ order: desc
+ mappings:
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ composed_of:
+ - "so-logs-elastic_agent.auditbeat@package"
+ - "so-logs-elastic_agent.auditbeat@custom"
+ - ".fleet_globals-1"
+ - ".fleet_agent_id_verification-1"
+ priority: 500
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-elastic_agent.cloudbeat:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-elastic_agent.cloudbeat-*"
+ template:
+ settings:
+ index:
+ mapping:
+ total_fields:
+ limit: 5000
+ sort:
+ field: "@timestamp"
+ order: desc
+ mappings:
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ composed_of:
+ - "so-logs-elastic_agent.cloudbeat@package"
+ - "so-logs-elastic_agent.cloudbeat@custom"
+ - ".fleet_globals-1"
+ - ".fleet_agent_id_verification-1"
+ priority: 500
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-elastic_agent.endpoint_security:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-elastic_agent.endpoint_security-*"
+ template:
+ settings:
+ index:
+ mapping:
+ total_fields:
+ limit: 5000
+ sort:
+ field: "@timestamp"
+ order: desc
+ mappings:
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ composed_of:
+ - "so-logs-elastic_agent.endpoint_security@package"
+ - "so-logs-elastic_agent.endpoint_security@custom"
+ - ".fleet_globals-1"
+ - ".fleet_agent_id_verification-1"
+ priority: 500
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-elastic_agent.filebeat:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-elastic_agent.filebeat-*"
+ template:
+ settings:
+ index:
+ mapping:
+ total_fields:
+ limit: 5000
+ sort:
+ field: "@timestamp"
+ order: desc
+ mappings:
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ composed_of:
+ - "so-logs-elastic_agent.filebeat@package"
+ - "so-logs-elastic_agent.filebeat@custom"
+ - ".fleet_globals-1"
+ - ".fleet_agent_id_verification-1"
+ priority: 500
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-elastic_agent.fleet_server:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-elastic_agent.fleet_server-*"
+ template:
+ settings:
+ index:
+ mapping:
+ total_fields:
+ limit: 5000
+ sort:
+ field: "@timestamp"
+ order: desc
+ mappings:
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ composed_of:
+ - "so-logs-elastic_agent.fleet_server@package"
+ - "so-logs-elastic_agent.fleet_server@custom"
+ - ".fleet_globals-1"
+ - ".fleet_agent_id_verification-1"
+ priority: 500
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-elastic_agent.heartbeat:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-elastic_agent.heartbeat-*"
+ template:
+ settings:
+ index:
+ mapping:
+ total_fields:
+ limit: 5000
+ sort:
+ field: "@timestamp"
+ order: desc
+ mappings:
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ composed_of:
+ - "so-logs-elastic_agent.heartbeat@package"
+ - "so-logs-elastic_agent.heartbeat@custom"
+ - ".fleet_globals-1"
+ - ".fleet_agent_id_verification-1"
+ priority: 500
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-elastic_agent:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-elastic_agent-*"
+ template:
+ settings:
+ index:
+ mapping:
+ total_fields:
+ limit: 5000
+ sort:
+ field: "@timestamp"
+ order: desc
+ mappings:
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ composed_of:
+ - "so-logs-elastic_agent@package"
+ - "so-logs-elastic_agent@custom"
+ - ".fleet_globals-1"
+ - ".fleet_agent_id_verification-1"
+ priority: 500
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-elastic_agent.metricbeat:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-elastic_agent.metricbeat-*"
+ template:
+ settings:
+ index:
+ mapping:
+ total_fields:
+ limit: 5000
+ sort:
+ field: "@timestamp"
+ order: desc
+ mappings:
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ composed_of:
+ - "so-logs-elastic_agent.metricbeat@package"
+ - "so-logs-elastic_agent.metricbeat@custom"
+ - ".fleet_globals-1"
+ - ".fleet_agent_id_verification-1"
+ priority: 500
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-elastic_agent.osquerybeat:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-elastic_agent.osquerybeat-*"
+ template:
+ settings:
+ index:
+ mapping:
+ total_fields:
+ limit: 5000
+ sort:
+ field: "@timestamp"
+ order: desc
+ mappings:
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ composed_of:
+ - "so-logs-elastic_agent.osquerybeat@package"
+ - "so-logs-elastic_agent.osquerybeat@custom"
+ - ".fleet_globals-1"
+ - ".fleet_agent_id_verification-1"
+ priority: 500
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-elastic_agent.packetbeat:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-elastic_agent.packetbeat-*"
+ template:
+ settings:
+ index:
+ mapping:
+ total_fields:
+ limit: 5000
+ sort:
+ field: "@timestamp"
+ order: desc
+ mappings:
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ composed_of:
+ - "so-logs-elastic_agent.packetbeat@package"
+ - "so-logs-elastic_agent.packetbeat@custom"
+ - ".fleet_globals-1"
+ - ".fleet_agent_id_verification-1"
+ priority: 500
+ _meta:
+ package:
+ name: elastic_agent
+ managed_by: fleet
+ managed: true
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
 so-aws:
 warm: 7
 close: 30
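Review bot: Every one of the eleven added `so-logs-elastic_agent*` stanzas lists four component templates under `composed_of` (`…@package`, `…@custom`, `.fleet_globals-1`, `.fleet_agent_id_verification-1`), yet this patch changes only `defaults.yaml` and creates none of them. Elasticsearch rejects a composable index template whose components are missing unless `ignore_missing_component_templates` is set, so if these load before the components exist the agent data streams would presumably be created from a lower-priority template, without the settings declared here; please confirm the load order in the state that consumes this file. A comment above the first stanza would record the dependency, e.g. `# every composed_of entry must already exist when this template is loaded`. Separately, each stanza sets `index_sorting: False` next to a `sort:` block on `@timestamp`; if that flag is what gates the sort settings a short comment saying so would help, and `false` would match the lowercase booleans used in the rest of the stanza.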