From 96bcf9d9f3b5f878095d43fc418cf5b1a4336ed7 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 9 Jul 2020 11:51:55 -0400
Subject: [PATCH] Add temaplte files per index

---
 .../pipelines/templates/so/so-beats-template.json | 13 ++++++++-----
 .../pipelines/templates/so/so-common-template.json | 8 ++++----
 .../templates/so/so-firewall-template.json | 13 ++++++++-----
 .../pipelines/templates/so/so-ids-template.json | 13 ++++++++-----
 .../pipelines/templates/so/so-import-template.json | 13 ++++++++-----
 .../templates/so/so-osquery-template.json | 13 ++++++++-----
 .../pipelines/templates/so/so-ossec-template.json | 13 ++++++++-----
 .../templates/so/so-strelka-template.json | 13 ++++++++-----
 .../pipelines/templates/so/so-syslog-template.json | 14 +++++++++-----
 .../pipelines/templates/so/so-zeek-template.json | 11 +++++++----
 10 files changed, 76 insertions(+), 48 deletions(-)

diff --git a/salt/logstash/pipelines/templates/so/so-beats-template.json b/salt/logstash/pipelines/templates/so/so-beats-template.json
index 48459bc7a..6d2cf7851 100644
--- a/salt/logstash/pipelines/templates/so/so-beats-template.json
+++ b/salt/logstash/pipelines/templates/so/so-beats-template.json
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-beats:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-beats:refresh', '30s') %}
 {
 "index_patterns": ["so-beats-*"],
- "version":50001,
- "order" : 11,
+ "version": 50001,
+ "order": 11,
 "settings":{
- "number_of_replicas":0,
- "number_of_shards":1,
- "index.refresh_interval":"30s"
+ "number_of_replicas":{{ REPLICAS }},
+ "number_of_shards":{{ SHARDS }},
+ "index.refresh_interval":"{{ REFRESH }}"
 }
 }
diff --git a/salt/logstash/pipelines/templates/so/so-common-template.json b/salt/logstash/pipelines/templates/so/so-common-template.json
index 396e26c3c..1b4bb1206 100644
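Review bot: `{{ REPLICAS }}` and `{{ SHARDS }}` on the `number_of_replicas`/`number_of_shards` lines are emitted as bare JSON tokens with no type coercion, so a pillar value that is not a plain integer (a quoted string, an empty value) renders a file that is no longer valid JSON, and the failure only shows up when the template is pushed to Elasticsearch rather than at state render. Appending `| int` in the `set` lines, e.g. `{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-beats:shards', 1) | int %}`, guarantees the rendered token is an integer; note that Jinja's `int` maps unparsable input to 0, which Elasticsearch rejects for shards but silently accepts for replicas, so a hard check belongs in the state that loads these templates if that matters. Pillar is operator-controlled, so this is a robustness concern rather than an injection vector.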
--- a/salt/logstash/pipelines/templates/so/so-common-template.json
+++ b/salt/logstash/pipelines/templates/so/so-common-template.json
@@ -1,15 +1,15 @@
 {
 "index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka-*", "so-beats-*", "so-osquery-*"],
 "version":50001,
- "order" : 10,
+ "order":10,
 "settings":{
 "number_of_replicas":0,
 "number_of_shards":1,
 "index.refresh_interval":"30s"
 },
 "mappings":{
- "dynamic": false,
- "date_detection": false,
+ "dynamic":false,
+ "date_detection":false,
 "properties":{
 "@timestamp":{
 "type":"date"
@@ -19,7 +19,7 @@
 },
 "osquery":{
 "type":"object",
- "dynamic": true
+ "dynamic":true
 },
 "geoip":{
 "dynamic":true,
diff --git a/salt/logstash/pipelines/templates/so/so-firewall-template.json b/salt/logstash/pipelines/templates/so/so-firewall-template.json
index 61a95c0e7..7bc81fd12 100644
--- a/salt/logstash/pipelines/templates/so/so-firewall-template.json
+++ b/salt/logstash/pipelines/templates/so/so-firewall-template.json
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-firewall:refresh', '30s') %}
 {
- "index_patterns": ["so-zeek-*"],
+ "index_patterns": ["so-firewall-*"],
 "version":50001,
- "order" : 11,
+ "order":11,
 "settings":{
- "number_of_replicas":0,
- "number_of_shards":1,
- "index.refresh_interval":"30s"
+ "number_of_replicas":{{ REPLICAS }},
+ "number_of_shards":{{ SHARDS }},
+ "index.refresh_interval":"{{ REFRESH }}"
 }
 }
diff --git a/salt/logstash/pipelines/templates/so/so-ids-template.json b/salt/logstash/pipelines/templates/so/so-ids-template.json
index 61a95c0e7..abf37319a 100644
--- a/salt/logstash/pipelines/templates/so/so-ids-template.json
+++ b/salt/logstash/pipelines/templates/so/so-ids-template.json
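Review bot: REPLICAS is read from the global key `elasticsearch:replicas` while SHARDS and REFRESH come from the per-index `elasticsearch:index_settings:so-firewall:*` keys, so replicas is the one setting that cannot be tuned for this index alone. A per-index lookup with the global value as fallback keeps today's default behaviour: `{%- set REPLICAS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:replicas', salt['pillar.get']('elasticsearch:replicas', 0)) %}`. The pre-image blob `61a95c0e7` is shared with seven sibling files in this patch, i.e. this file was a verbatim copy still matching `so-zeek-*`, and the `index_patterns` fix here is correct.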
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-ids:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-ids:refresh', '30s') %}
 {
- "index_patterns": ["so-zeek-*"],
+ "index_patterns": ["so-ids-*"],
 "version":50001,
- "order" : 11,
+ "order":11,
 "settings":{
- "number_of_replicas":0,
- "number_of_shards":1,
- "index.refresh_interval":"30s"
+ "number_of_replicas":{{ REPLICAS }},
+ "number_of_shards":{{ SHARDS }},
+ "index.refresh_interval":"{{ REFRESH }}"
 }
 }
diff --git a/salt/logstash/pipelines/templates/so/so-import-template.json b/salt/logstash/pipelines/templates/so/so-import-template.json
index 61a95c0e7..e4d68235d 100644
--- a/salt/logstash/pipelines/templates/so/so-import-template.json
+++ b/salt/logstash/pipelines/templates/so/so-import-template.json
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-import:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-import:refresh', '30s') %}
 {
- "index_patterns": ["so-zeek-*"],
+ "index_patterns": ["so-import-*"],
 "version":50001,
- "order" : 11,
+ "order": 11,
 "settings":{
- "number_of_replicas":0,
- "number_of_shards":1,
- "index.refresh_interval":"30s"
+ "number_of_replicas":{{ REPLICAS }},
+ "number_of_shards":{{ SHARDS }},
+ "index.refresh_interval":"{{ REFRESH }}"
 }
 }
diff --git a/salt/logstash/pipelines/templates/so/so-osquery-template.json b/salt/logstash/pipelines/templates/so/so-osquery-template.json
index 61a95c0e7..47cb3ebab 100644
--- a/salt/logstash/pipelines/templates/so/so-osquery-template.json
+++ b/salt/logstash/pipelines/templates/so/so-osquery-template.json
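Review bot: `{{ REFRESH }}` is interpolated inside a quoted JSON string on the `index.refresh_interval` line with no escaping, so a pillar value containing a double quote or backslash breaks the rendered document. Emitting it through the JSON filter instead, `"index.refresh_interval":{{ REFRESH | tojson }}`, keeps the string correctly quoted whatever the value (Salt's Jinja has shipped `tojson` since 2017.7; confirm against the minimum Salt version these states target). Since pillar data can come from external pillars, a strict render-time contract is preferable to discovering the parse error when the template is loaded into Elasticsearch.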
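Review bot: The index name appears twice in this file, hand-typed in the pillar path (`so-import:shards`, `so-import:refresh`) and again in `index_patterns`, which is exactly how the stale `so-zeek-*` pattern this hunk removes crept into eight copied files. Declaring it once, `{%- set IDX = 'so-import' %}`, and deriving both uses from it — `'elasticsearch:index_settings:' ~ IDX ~ ':shards'` and `"index_patterns": ["{{ IDX }}-*"]` — makes a mismatch between the pillar key and the pattern impossible. Minor style nit: `"order": 11` here and in so-beats keeps a space after the colon while the other templates in this patch use `"order":11`.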
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-osquery:refresh', '30s') %}
 {
- "index_patterns": ["so-zeek-*"],
+ "index_patterns": ["so-osquery-*"],
 "version":50001,
- "order" : 11,
+ "order":11,
 "settings":{
- "number_of_replicas":0,
- "number_of_shards":1,
- "index.refresh_interval":"30s"
+ "number_of_replicas":{{ REPLICAS }},
+ "number_of_shards":{{ SHARDS }},
+ "index.refresh_interval":"{{ REFRESH }}"
 }
 }
diff --git a/salt/logstash/pipelines/templates/so/so-ossec-template.json b/salt/logstash/pipelines/templates/so/so-ossec-template.json
index 61a95c0e7..ce903e228 100644
--- a/salt/logstash/pipelines/templates/so/so-ossec-template.json
+++ b/salt/logstash/pipelines/templates/so/so-ossec-template.json
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-ossec:refresh', '30s') %}
 {
- "index_patterns": ["so-zeek-*"],
+ "index_patterns": ["so-ossec-*"],
 "version":50001,
- "order" : 11,
+ "order":11,
 "settings":{
- "number_of_replicas":0,
- "number_of_shards":1,
- "index.refresh_interval":"30s"
+ "number_of_replicas":{{ REPLICAS }},
+ "number_of_shards":{{ SHARDS }},
+ "index.refresh_interval":"{{ REFRESH }}"
 }
 }
diff --git a/salt/logstash/pipelines/templates/so/so-strelka-template.json b/salt/logstash/pipelines/templates/so/so-strelka-template.json
index 61a95c0e7..2f7db541a 100644
--- a/salt/logstash/pipelines/templates/so/so-strelka-template.json
+++ b/salt/logstash/pipelines/templates/so/so-strelka-template.json
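Review bot: The replica default of 0 on the REPLICAS line means every `so-osquery-*` index is held as a single copy, so losing the node that holds it loses that endpoint telemetry outright; that is a sensible default for a single-node install but nothing in the file tells whoever later sets `elasticsearch:replicas` that this is the knob. Since JSON has no room for comments, a Jinja comment above the `set` lines would document it: `{# replicas default to 0 (no redundancy); set elasticsearch:replicas in pillar on multi-node clusters #}`. Whether another state already enforces a replica count on clustered deployments is not visible here.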
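Review bot: The `settings` block here at `"order":11` only takes effect because it outranks `so-common-template.json` (order 10, whose `index_patterns` also lists `so-ossec-*`), which elsewhere in this patch still hard-codes `number_of_replicas:0`, `number_of_shards:1` and `"30s"`. Any pattern added to the common template without a matching per-index file silently keeps those literal values, so there are now two sources of truth for the same three settings. Either drop the `settings` block from the common template or have it read the same `elasticsearch:replicas` pillar key; that is a follow-up outside this hunk rather than a defect in these lines.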
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-strelka:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-strelka:refresh', '30s') %}
 {
- "index_patterns": ["so-zeek-*"],
+ "index_patterns": ["so-strelka-*"],
 "version":50001,
- "order" : 11,
+ "order":11,
 "settings":{
- "number_of_replicas":0,
- "number_of_shards":1,
- "index.refresh_interval":"30s"
+ "number_of_replicas":{{ REPLICAS }},
+ "number_of_shards":{{ SHARDS }},
+ "index.refresh_interval":"{{ REFRESH }}"
 }
 }
diff --git a/salt/logstash/pipelines/templates/so/so-syslog-template.json b/salt/logstash/pipelines/templates/so/so-syslog-template.json
index 61a95c0e7..47f8d78e6 100644
--- a/salt/logstash/pipelines/templates/so/so-syslog-template.json
+++ b/salt/logstash/pipelines/templates/so/so-syslog-template.json
@@ -1,10 +1,14 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-syslog:refresh', '30s') %}
 {
- "index_patterns": ["so-zeek-*"],
+ "index_patterns": ["so-syslog-*"],
 "version":50001,
- "order" : 11,
+ "order":11,
 "settings":{
- "number_of_replicas":0,
- "number_of_shards":1,
- "index.refresh_interval":"30s"
+ "number_of_replicas":{{ REPLICAS }},
+ "number_of_shards":{{ SHARDS }},
+ "index.refresh_interval":"{{ REFRESH }}"
 }
 }
+
diff --git a/salt/logstash/pipelines/templates/so/so-zeek-template.json b/salt/logstash/pipelines/templates/so/so-zeek-template.json
index 61a95c0e7..616607f52 100644
--- a/salt/logstash/pipelines/templates/so/so-zeek-template.json
+++ b/salt/logstash/pipelines/templates/so/so-zeek-template.json
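Review bot: `"version":50001` is carried over unchanged even though the template's settings are now rendered from pillar rather than fixed, so the new template is indistinguishable by version from the hard-coded one it replaces. Elasticsearch treats `version` on legacy index templates as user metadata, so it does not care; but if the loader that PUTs these files compares `version` before re-applying (not visible in this patch), the change would never reach existing clusters. Bumping it, `"version":50002`, costs nothing and removes that doubt.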
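Review bot: The hunk appends an empty line after the closing `}` (the new side grows to 14 lines where every sibling template grows to 13), which a JSON parser ignores but which makes this file the odd one out and will show up as a spurious diff the next time the set is regenerated; dropping the trailing `+` line keeps the files uniform. The same unquoted `{{ REPLICAS }}`/`{{ SHARDS }}` interpolation as in the other templates applies here, so a `| int` on the `set` lines would keep the rendered document valid JSON if a non-integer pillar value is ever supplied.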
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-zeek:refresh', '30s') %}
 {
 "index_patterns": ["so-zeek-*"],
 "version":50001,
- "order" : 11,
+ "order":11,
 "settings":{
- "number_of_replicas":0,
- "number_of_shards":1,
- "index.refresh_interval":"30s"
+ "number_of_replicas":{{ REPLICAS }},
+ "number_of_shards":{{ SHARDS }},
+ "index.refresh_interval":"{{ REFRESH }}"
 }
 }
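Review bot: Nothing in the file tells an operator which pillar keys now drive the three settings that used to be literal, and JSON itself offers no place for that; a Jinja comment above the `set` lines fills the gap: `{# Overridable via pillar: elasticsearch:index_settings:so-zeek:shards, elasticsearch:index_settings:so-zeek:refresh, elasticsearch:replicas (global, not per index) #}`. Calling out that REPLICAS alone is read from a global key matters, because someone following the pattern of the other two will otherwise add `elasticsearch:index_settings:so-zeek:replicas` and see it ignored.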