Add temaplte files per index

2025-12-06 17:22:49 +01:00 · 2020-07-09 11:51:55 -04:00
parent 9c2f7d574d
commit 96bcf9d9f3
10 changed files with 76 additions and 48 deletions
--- a/salt/logstash/pipelines/templates/so/so-beats-template.json
+++ b/salt/logstash/pipelines/templates/so/so-beats-template.json
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-beats:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-beats:refresh', '30s') %}
 {
  "index_patterns": ["so-beats-*"],
-  "version":50001,
-  "order" : 11,
+  "version": 50001,
+  "order": 11,
  "settings":{
-    "number_of_replicas":0,
-    "number_of_shards":1,
-    "index.refresh_interval":"30s"
+    "number_of_replicas":{{ REPLICAS }},
+    "number_of_shards":{{ SHARDS }},
+    "index.refresh_interval":"{{ REFRESH }}"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-common-template.json
+++ b/salt/logstash/pipelines/templates/so/so-common-template.json
@@ -1,15 +1,15 @@
 {
  "index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka-*", "so-beats-*", "so-osquery-*"],
  "version":50001,
-  "order" : 10,
+  "order":10,
  "settings":{
    "number_of_replicas":0,
    "number_of_shards":1,
    "index.refresh_interval":"30s"
  },
  "mappings":{
-       "dynamic": false,
-       "date_detection": false,
+       "dynamic":false,
+       "date_detection":false,
       "properties":{
        "@timestamp":{
          "type":"date"
@@ -19,7 +19,7 @@
        },
  "osquery":{
          "type":"object",
-          "dynamic": true
+          "dynamic":true
        },
        "geoip":{
          "dynamic":true,
--- a/salt/logstash/pipelines/templates/so/so-firewall-template.json
+++ b/salt/logstash/pipelines/templates/so/so-firewall-template.json
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-firewall:refresh', '30s') %}
 {
-  "index_patterns": ["so-zeek-*"],
+  "index_patterns": ["so-firewall-*"],
  "version":50001,
-  "order" : 11,
+  "order":11,
  "settings":{
-    "number_of_replicas":0,
-    "number_of_shards":1,
-    "index.refresh_interval":"30s"
+    "number_of_replicas":{{ REPLICAS }},
+    "number_of_shards":{{ SHARDS }},
+    "index.refresh_interval":"{{ REFRESH }}"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-ids-template.json
+++ b/salt/logstash/pipelines/templates/so/so-ids-template.json
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-ids:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-ids:refresh', '30s') %}
 {
-  "index_patterns": ["so-zeek-*"],
+  "index_patterns": ["so-ids-*"],
  "version":50001,
-  "order" : 11,
+  "order":11,
  "settings":{
-    "number_of_replicas":0,
-    "number_of_shards":1,
-    "index.refresh_interval":"30s"
+    "number_of_replicas":{{ REPLICAS }},
+    "number_of_shards":{{ SHARDS }},
+    "index.refresh_interval":"{{ REFRESH }}"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-import-template.json
+++ b/salt/logstash/pipelines/templates/so/so-import-template.json
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-import:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-import:refresh', '30s') %}
 {
-  "index_patterns": ["so-zeek-*"],
+  "index_patterns": ["so-import-*"],
  "version":50001,
-  "order" : 11,
+  "order": 11,
  "settings":{
-    "number_of_replicas":0,
-    "number_of_shards":1,
-    "index.refresh_interval":"30s"
+    "number_of_replicas":{{ REPLICAS }},
+    "number_of_shards":{{ SHARDS }},
+    "index.refresh_interval":"{{ REFRESH }}"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-osquery-template.json
+++ b/salt/logstash/pipelines/templates/so/so-osquery-template.json
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-osquery:refresh', '30s') %}
 {
-  "index_patterns": ["so-zeek-*"],
+  "index_patterns": ["so-osquery-*"],
  "version":50001,
-  "order" : 11,
+  "order":11,
  "settings":{
-    "number_of_replicas":0,
-    "number_of_shards":1,
-    "index.refresh_interval":"30s"
+    "number_of_replicas":{{ REPLICAS }},
+    "number_of_shards":{{ SHARDS }},
+    "index.refresh_interval":"{{ REFRESH }}"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-ossec-template.json
+++ b/salt/logstash/pipelines/templates/so/so-ossec-template.json
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-ossec:refresh', '30s') %}
 {
-  "index_patterns": ["so-zeek-*"],
+  "index_patterns": ["so-ossec-*"],
  "version":50001,
-  "order" : 11,
+  "order":11,
  "settings":{
-    "number_of_replicas":0,
-    "number_of_shards":1,
-    "index.refresh_interval":"30s"
+    "number_of_replicas":{{ REPLICAS }},
+    "number_of_shards":{{ SHARDS }},
+    "index.refresh_interval":"{{ REFRESH }}"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-strelka-template.json
+++ b/salt/logstash/pipelines/templates/so/so-strelka-template.json
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-strelka:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-strelka:refresh', '30s') %}
 {
-  "index_patterns": ["so-zeek-*"],
+  "index_patterns": ["so-strelka-*"],
  "version":50001,
-  "order" : 11,
+  "order":11,
  "settings":{
-    "number_of_replicas":0,
-    "number_of_shards":1,
-    "index.refresh_interval":"30s"
+    "number_of_replicas":{{ REPLICAS }},
+    "number_of_shards":{{ SHARDS }},
+    "index.refresh_interval":"{{ REFRESH }}"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-syslog-template.json
+++ b/salt/logstash/pipelines/templates/so/so-syslog-template.json
@@ -1,10 +1,14 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-syslog:refresh', '30s') %}
 {
-  "index_patterns": ["so-zeek-*"],
+  "index_patterns": ["so-syslog-*"],
  "version":50001,
-  "order" : 11,
+  "order":11,
  "settings":{
-    "number_of_replicas":0,
-    "number_of_shards":1,
-    "index.refresh_interval":"30s"
+    "number_of_replicas":{{ REPLICAS }},
+    "number_of_shards":{{ SHARDS }},
+    "index.refresh_interval":"{{ REFRESH }}"
  }
 }
+
--- a/salt/logstash/pipelines/templates/so/so-zeek-template.json
+++ b/salt/logstash/pipelines/templates/so/so-zeek-template.json
@@ -1,10 +1,13 @@
+{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:shards', 1) %}
+{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
+{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-zeek:refresh', '30s') %}
 {
  "index_patterns": ["so-zeek-*"],
  "version":50001,
-  "order" : 11,
+  "order":11,
  "settings":{
-    "number_of_replicas":0,
-    "number_of_shards":1,
-    "index.refresh_interval":"30s"
+    "number_of_replicas":{{ REPLICAS }},
+    "number_of_shards":{{ SHARDS }},
+    "index.refresh_interval":"{{ REFRESH }}"
  }
 }