Merge pull request #6167 from Security-Onion-Solutions/ecs_pipeline_common

Add config for dynamically formatted ingest pipelines
2025-12-06 09:12:45 +01:00 · 2021-11-09 15:41:43 -05:00
parent 3afb0bd263 f80b70e008
commit 9597373e4a
2 changed files with 21 additions and 0 deletions
--- a/salt/elasticsearch/files/ingest-dynamic/common
+++ b/salt/elasticsearch/files/ingest-dynamic/common
@@ -1,3 +1,5 @@
+{%- set HIGHLANDER = salt['pillar.get']('global:highlander', False) -%}
+{%- raw -%}
 {
  "description" : "common",
  "processors" : [
@@ -65,5 +67,16 @@
                "index_name_format": "yyyy.MM.dd"
        }
    }
+{%- endraw %}
+{%- if HIGHLANDER %}
+    ,
+    {
+      "pipeline": {
+        "name": "ecs"
+      }
+    }
+{%- endif %}
+{%- raw %} 
  ]
 }
+{% endraw %}
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -131,6 +131,14 @@ esrolesdir:
    - group: 939
    - makedirs: True

+esingestdynamicconf:
+  file.recurse:
+    - name: /opt/so/conf/elasticsearch/ingest
+    - source: salt://elasticsearch/files/ingest-dynamic
+    - user: 930
+    - group: 939
+    - template: jinja
+
 esingestconf:
  file.recurse:
    - name: /opt/so/conf/elasticsearch/ingest