Merge remote-tracking branch 'remotes/origin/dev' into fix/reinstall

2025-12-06 09:12:45 +01:00 · 2022-01-26 15:48:46 -05:00
parent 2aa19b78da e303fb12cf
commit 9e2278a199
5 changed files with 26288 additions and 434 deletions
--- a/salt/elasticsearch/config.map.jinja
+++ b/salt/elasticsearch/config.map.jinja
@@ -36,11 +36,10 @@
 {# merge with the elasticsearch pillar #}
 {% set ESCONFIG = salt['pillar.get']('elasticsearch:config', default=ESCONFIG.elasticsearch.config, merge=True) %}

-{# remove elasticsearch.config.path.repo values if a symlink /nsm/elasticsearch/repo{{ repo }} doesn't exist #}
 {% if salt['pillar.get']('elasticsearch:config:path:repo', False) %}
  {% for repo in pillar.elasticsearch.config.path.repo %}
-    {# retcode is 1 if symlink doesn't exist #}
-    {% if salt['cmd.retcode']('test -L /nsm/elasticsearch/repo'~repo) %}
+    {# remove elasticsearch.config.path.repo value if the directory doesn't exist on the node #}
+    {% if not salt['file.directory_exists'](repo) %}
      {% do ESCONFIG.path.repo.remove(repo) %}
    {% endif %}
  {% endfor %}
--- a/salt/elasticsearch/files/ingest/zeek.dns
+++ b/salt/elasticsearch/files/ingest/zeek.dns
@@ -19,7 +19,7 @@
    { "rename": 	{ "field": "message2.RD", 		"target_field": "dns.recursion.desired",			"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.RA", 		"target_field": "dns.recursion.available",			"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.Z",		"target_field": "dns.reserved",			"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.answers", 		"target_field": "dns.answers",		"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.answers", 		"target_field": "dns.answers.name",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.TTLs", 		"target_field": "dns.ttls",			"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.rejected", 	"target_field": "dns.query.rejected",		"ignore_missing": true 	} },
    { "script": 	{ "lang": "painless", "source": "ctx.dns.query.length = ctx.dns.query.name.length()",	"ignore_failure": true  } },
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -326,7 +326,7 @@ so-elasticsearch:
      {% endif %}
      {% if ESCONFIG.path.get('repo', False) %}
        {% for repo in ESCONFIG.path.repo %}
-      - /nsm/elasticsearch/repo{{ repo }}:{{ repo }}:rw
+      - {{ repo }}:{{ repo }}:rw
        {% endfor %}
      {% endif %}
    - watch:
--- a/salt/elasticsearch/templates/so/so-case-template.json.jinja
+++ b/salt/elasticsearch/templates/so/so-case-template.json.jinja
@@ -10,11 +10,7 @@
    "number_of_shards":1,
    "index.refresh_interval":"{{ REFRESH }}",
    "index.routing.allocation.require.box_type":"hot",
-{%- if INDEX_SORTING is sameas true %}
-    "index.sort.field": "@timestamp",
-    "index.sort.order": "desc",
-{%- endif %}
-    "index.mapping.total_fields.limit": "1500"
+    "index.mapping.total_fields.limit": "10000"
  },
  "mappings": {
    "_meta": {
@@ -210,6 +206,15 @@
          "createTime": {
            "type": "date"
          },
+          "fields": {
+            "eager_global_ordinals": false,
+            "ignore_above": 1024,
+            "index": true,
+            "type": "flattened",
+            "index_options": "docs",
+            "split_queries_on_whitespace": false,
+            "doc_values": true
+          },
          "userId": {
            "type": "keyword",
            "ignore_above": 1024
--- a/salt/elasticsearch/templates/so/so-common-template.json.jinja
+++ b/salt/elasticsearch/templates/so/so-common-template.json.jinja