Add ES settings to pillar

2025-12-07 17:52:46 +01:00 · 2020-07-09 11:19:02 -04:00
parent 2c32c24bf0
commit 9c2f7d574d
9 changed files with 99 additions and 1 deletions
--- a/salt/logstash/pipelines/templates/so/so-beats-template.json
+++ b/salt/logstash/pipelines/templates/so/so-beats-template.json
@@ -0,0 +1,10 @@
+{
+  "index_patterns": ["so-beats-*"],
+  "version":50001,
+  "order" : 11,
+  "settings":{
+    "number_of_replicas":0,
+    "number_of_shards":1,
+    "index.refresh_interval":"30s"
+  }
+}
--- a/salt/logstash/pipelines/templates/so/so-firewall-template.json
+++ b/salt/logstash/pipelines/templates/so/so-firewall-template.json
@@ -0,0 +1,10 @@
+{
+  "index_patterns": ["so-zeek-*"],
+  "version":50001,
+  "order" : 11,
+  "settings":{
+    "number_of_replicas":0,
+    "number_of_shards":1,
+    "index.refresh_interval":"30s"
+  }
+}
--- a/salt/logstash/pipelines/templates/so/so-ids-template.json
+++ b/salt/logstash/pipelines/templates/so/so-ids-template.json
@@ -0,0 +1,10 @@
+{
+  "index_patterns": ["so-zeek-*"],
+  "version":50001,
+  "order" : 11,
+  "settings":{
+    "number_of_replicas":0,
+    "number_of_shards":1,
+    "index.refresh_interval":"30s"
+  }
+}
--- a/salt/logstash/pipelines/templates/so/so-import-template.json
+++ b/salt/logstash/pipelines/templates/so/so-import-template.json
@@ -0,0 +1,10 @@
+{
+  "index_patterns": ["so-zeek-*"],
+  "version":50001,
+  "order" : 11,
+  "settings":{
+    "number_of_replicas":0,
+    "number_of_shards":1,
+    "index.refresh_interval":"30s"
+  }
+}
--- a/salt/logstash/pipelines/templates/so/so-osquery-template.json
+++ b/salt/logstash/pipelines/templates/so/so-osquery-template.json
@@ -0,0 +1,10 @@
+{
+  "index_patterns": ["so-zeek-*"],
+  "version":50001,
+  "order" : 11,
+  "settings":{
+    "number_of_replicas":0,
+    "number_of_shards":1,
+    "index.refresh_interval":"30s"
+  }
+}
--- a/salt/logstash/pipelines/templates/so/so-ossec-template.json
+++ b/salt/logstash/pipelines/templates/so/so-ossec-template.json
@@ -0,0 +1,10 @@
+{
+  "index_patterns": ["so-zeek-*"],
+  "version":50001,
+  "order" : 11,
+  "settings":{
+    "number_of_replicas":0,
+    "number_of_shards":1,
+    "index.refresh_interval":"30s"
+  }
+}
--- a/salt/logstash/pipelines/templates/so/so-strelka-template.json
+++ b/salt/logstash/pipelines/templates/so/so-strelka-template.json
@@ -0,0 +1,10 @@
+{
+  "index_patterns": ["so-zeek-*"],
+  "version":50001,
+  "order" : 11,
+  "settings":{
+    "number_of_replicas":0,
+    "number_of_shards":1,
+    "index.refresh_interval":"30s"
+  }
+}
--- a/salt/logstash/pipelines/templates/so/so-syslog-template.json
+++ b/salt/logstash/pipelines/templates/so/so-syslog-template.json
@@ -0,0 +1,10 @@
+{
+  "index_patterns": ["so-zeek-*"],
+  "version":50001,
+  "order" : 11,
+  "settings":{
+    "number_of_replicas":0,
+    "number_of_shards":1,
+    "index.refresh_interval":"30s"
+  }
+}
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1068,10 +1068,28 @@ elasticsearch_pillar() {
 		"  log_size_limit: $log_size_limit"\
 		"  cur_close_days: $CURCLOSEDAYS"\
 		"  route_type: hot"\
+		"  replicas: 0"\
+		"  true_cluster: False"
+		"  true_cluster_name: so"
 		"  index_settings:"\
+		"    so-beats:"\
+		"      shards: 1"\
+		"    so-firewall:"\
+		"      shards: 1"\
+		"    so-ids:"\
+		"      shards: 1"\
+		"    so-import:"\
+		"      shards: 1"\
+		"    so-osquery:"\
+		"      shards: 1"\
+		"    so-ossec:"\
+		"      shards: 1"\
+		"    so-strelka:"\
+		"      shards: 1"\
+		"    so-syslog:"\
+		"      shards: 1"\
 		"    so-zeek:"\
 		"      shards: 5"\
-		"      replicas: 0"\
 		"" >> "$pillar_file"

 	if [ "$install_type" != 'EVAL' ] && [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'MASTERSEARCH' ] && [ "$install_type" != 'STANDALONE' ]; then