From 3875970dc52de40d2e112082798f4285776383fd Mon Sep 17 00:00:00 2001
From: Wes
Date: Thu, 2 Nov 2023 21:09:37 +0000
Subject: [PATCH 1/2] Add checkpoint and vsphere packages
---
 salt/elasticfleet/defaults.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/salt/elasticfleet/defaults.yaml b/salt/elasticfleet/defaults.yaml
index ba779f5a0..61ae5999f 100644
--- a/salt/elasticfleet/defaults.yaml
+++ b/salt/elasticfleet/defaults.yaml
@@ -35,6 +35,7 @@ elasticfleet:
 - azure
 - barracuda
 - carbonblack_edr
+ - checkpoint
 - cisco_asa
 - cisco_duo
 - cisco_meraki
@@ -86,6 +87,7 @@ elasticfleet:
 - ti_otx
 - ti_recordedfuture
 - udp
+ - vsphere
 - windows
 - zscaler_zia
 - zscaler_zpa
From 5bfef3f527bb530793ded8120fc91bdb728b03e3 Mon Sep 17 00:00:00 2001
From: Wes
Date: Thu, 2 Nov 2023 21:10:01 +0000
Subject: [PATCH 2/2] Add checkpoint and vsphere templates
---
 salt/elasticsearch/defaults.yaml | 220 +++++++++++++++++++++++++++++++
 1 file changed, 220 insertions(+)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index cd8ff9397..02c2529a6 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -1965,6 +1965,50 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
+ so-logs-checkpoint_x_firewall:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-checkpoint.firewall-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-checkpoint.firewall-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-checkpoint.firewall@package"
+ - "logs-checkpoint.firewall@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-logs-cisco_asa_x_log:
 index_sorting: false
 index_template:
@@ -7798,6 +7842,50 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
+ so-logs-vsphere_x_log:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-vsphere.log-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-logs-vsphere.log-logs
+ number_of_replicas: 0
+ composed_of:
+ - "logs-vsphere.log@package"
+ - "logs-vsphere.log@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-logs-windows_x_forwarded:
 index_sorting: false
 index_template:
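Review bot: In the `so-logs-checkpoint_x_firewall` entry, `number_of_replicas: 0` and the `delete` phase at `min_age: 365d` are set with no comment saying whether they are a deliberate choice for firewall data or just the template default. Firewall logs are often the evidence an investigation depends on, so a single shard copy means losing one data node loses them, and 365 days may be shorter than a site's retention requirement. I would add a comment above the entry such as `# replicas and retention follow the so-logs defaults; override for multi-node grids or longer retention requirements`, assuming (not visible in this hunk) that these values mirror the neighbouring templates. The same applies to `so-logs-vsphere_x_log` in the next hunk.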
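Review bot: `index_sorting: False` in `so-logs-vsphere_x_log` is capitalised, while the neighbouring entries visible as context (`so-logs-windows_x_forwarded` here, `so-logs-cisco_asa_x_log` in the previous hunk) write `index_sorting: false`. Common YAML loaders read both spellings as the same boolean, so this is a consistency point rather than a bug; I would write `index_sorting: false`. The same capitalised value appears in `so-logs-checkpoint_x_firewall` in the previous hunk and in the three `so-metrics-vsphere_x_*` entries in the last hunk.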
@@ -8414,6 +8502,138 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
+ so-metrics-vsphere_x_datastore:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "metrics-vsphere.datastore-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-metrics-vsphere.datastore-logs
+ number_of_replicas: 0
+ composed_of:
+ - "metrics-vsphere.datastore@package"
+ - "metrics-vsphere.datastore@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-metrics-vsphere_x_host:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "metrics-vsphere.host-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-metrics-vsphere.host-logs
+ number_of_replicas: 0
+ composed_of:
+ - "metrics-vsphere.host@package"
+ - "metrics-vsphere.host@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-metrics-vsphere_x_virtualmachine:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "metrics-vsphere.virtualmachine-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-metrics-vsphere.virtualmachine-logs
+ number_of_replicas: 0
+ composed_of:
+ - "metrics-vsphere.virtualmachine@package"
+ - "metrics-vsphere.virtualmachine@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-logstash:
 index_sorting: false
 index_template:
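Review bot: The three metrics entries set the lifecycle `name:` to a value ending in `-logs` (`so-metrics-vsphere.datastore-logs`, `so-metrics-vsphere.host-logs`, `so-metrics-vsphere.virtualmachine-logs`) although they are `metrics-*` data streams. If `-logs` is the suffix the project appends to every generated policy name this is correct, but that is not visible in the hunk. If the installed policy is named differently, these data streams would reference a policy that does not exist, and the rollover and 365d delete phases would presumably never run. Worth confirming the name against how the `policy:` block is installed; a one-line comment stating the naming rule would help the next reader.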