mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-06-08 11:25:51 +02:00
Use JSONB for Telegraf fields/tags to avoid 1600-column limit
High-cardinality inputs (docker, procstat, kafka) trigger ALTER TABLE ADD COLUMN on every new field name, and with all minions writing into a shared 'telegraf' schema the metric tables hit Postgres's 1600-column per-table ceiling quickly. Setting fields_as_jsonb and tags_as_jsonb on the postgresql output keeps metric tables fixed at (time, tag_id, fields jsonb) and tag tables at (tag_id, tags jsonb). - so-stats-show rewritten to use JSONB accessors ((fields->>'x')::numeric, tags->>'host', etc.) and cast memory/disk sizes to bigint so pg_size_pretty works - Drop regex/regexFailureMessage from telegraf_output SOC UI entry to match the convention upstream used when removing them from mdengine/pcapengine/pipeline; options: list drives validation
This commit is contained in:
Mike Reeves
@@ -61,12 +61,10 @@ global:
|
||||
advanced: True
|
||||
telegraf_output:
|
||||
description: Selects the backend(s) Telegraf writes metrics to. INFLUXDB keeps the current behavior; POSTGRES writes to the grid's Postgres instance; BOTH dual-writes for migration validation.
|
||||
regex: ^(INFLUXDB|POSTGRES|BOTH)$
|
||||
options:
|
||||
- INFLUXDB
|
||||
- POSTGRES
|
||||
- BOTH
|
||||
regexFailureMessage: You must enter INFLUXDB, POSTGRES, or BOTH.
|
||||
global: True
|
||||
advanced: True
|
||||
helpLink: influxdb
|
||||
|
||||
Reference in New Issue
Block a user