Add ES settings to pillar

2025-12-08 10:12:53 +01:00 · 2020-07-09 11:19:02 -04:00
parent 2c32c24bf0
commit 9c2f7d574d
9 changed files with 99 additions and 1 deletions
--- a/salt/logstash/pipelines/templates/so/so-beats-template.json
+++ b/salt/logstash/pipelines/templates/so/so-beats-template.json
@@ -0,0 +1,10 @@
 {
  "index_patterns": ["so-beats-*"],
  "version":50001,
  "order" : 11,
  "settings":{
    "number_of_replicas":0,
    "number_of_shards":1,
    "index.refresh_interval":"30s"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-firewall-template.json
+++ b/salt/logstash/pipelines/templates/so/so-firewall-template.json
@@ -0,0 +1,10 @@
 {
  "index_patterns": ["so-zeek-*"],
  "version":50001,
  "order" : 11,
  "settings":{
    "number_of_replicas":0,
    "number_of_shards":1,
    "index.refresh_interval":"30s"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-ids-template.json
+++ b/salt/logstash/pipelines/templates/so/so-ids-template.json
@@ -0,0 +1,10 @@
 {
  "index_patterns": ["so-zeek-*"],
  "version":50001,
  "order" : 11,
  "settings":{
    "number_of_replicas":0,
    "number_of_shards":1,
    "index.refresh_interval":"30s"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-import-template.json
+++ b/salt/logstash/pipelines/templates/so/so-import-template.json
@@ -0,0 +1,10 @@
 {
  "index_patterns": ["so-zeek-*"],
  "version":50001,
  "order" : 11,
  "settings":{
    "number_of_replicas":0,
    "number_of_shards":1,
    "index.refresh_interval":"30s"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-osquery-template.json
+++ b/salt/logstash/pipelines/templates/so/so-osquery-template.json
@@ -0,0 +1,10 @@
 {
  "index_patterns": ["so-zeek-*"],
  "version":50001,
  "order" : 11,
  "settings":{
    "number_of_replicas":0,
    "number_of_shards":1,
    "index.refresh_interval":"30s"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-ossec-template.json
+++ b/salt/logstash/pipelines/templates/so/so-ossec-template.json
@@ -0,0 +1,10 @@
 {
  "index_patterns": ["so-zeek-*"],
  "version":50001,
  "order" : 11,
  "settings":{
    "number_of_replicas":0,
    "number_of_shards":1,
    "index.refresh_interval":"30s"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-strelka-template.json
+++ b/salt/logstash/pipelines/templates/so/so-strelka-template.json
@@ -0,0 +1,10 @@
 {
  "index_patterns": ["so-zeek-*"],
  "version":50001,
  "order" : 11,
  "settings":{
    "number_of_replicas":0,
    "number_of_shards":1,
    "index.refresh_interval":"30s"
  }
 }
--- a/salt/logstash/pipelines/templates/so/so-syslog-template.json
+++ b/salt/logstash/pipelines/templates/so/so-syslog-template.json
@@ -0,0 +1,10 @@
 {
  "index_patterns": ["so-zeek-*"],
  "version":50001,
  "order" : 11,
  "settings":{
    "number_of_replicas":0,
    "number_of_shards":1,
    "index.refresh_interval":"30s"
  }
 }
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1068,10 +1068,28 @@ elasticsearch_pillar() {
 		"  log_size_limit: $log_size_limit"\
 		"  cur_close_days: $CURCLOSEDAYS"\
 		"  route_type: hot"\
 		"  replicas: 0"\
 		"  true_cluster: False"
 		"  true_cluster_name: so"
 		"  index_settings:"\
 		"    so-beats:"\
 		"      shards: 1"\
 		"    so-firewall:"\
 		"      shards: 1"\
 		"    so-ids:"\
 		"      shards: 1"\
 		"    so-import:"\
 		"      shards: 1"\
 		"    so-osquery:"\
 		"      shards: 1"\
 		"    so-ossec:"\
 		"      shards: 1"\
 		"    so-strelka:"\
 		"      shards: 1"\
 		"    so-syslog:"\
 		"      shards: 1"\
 		"    so-zeek:"\
 		"      shards: 5"\
 		"      replicas: 0"\
 		"" >> "$pillar_file"
 	if [ "$install_type" != 'EVAL' ] && [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'MASTERSEARCH' ] && [ "$install_type" != 'STANDALONE' ]; then