Update template settings to use data streams

2025-12-06 09:12:45 +01:00 · 2023-01-11 14:03:11 +00:00
parent 5062dd2873
commit c3b83f1fc8
1 changed files with 11 additions and 6 deletions
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -1152,8 +1152,9 @@ elasticsearch:
      delete: 365
      index_sorting: False
      index_template:
+        data_stream: {}
        index_patterns:
-          - so-*
+          - logs-*_so
        template:
          mappings:
            dynamic_templates:
@@ -2154,11 +2155,12 @@ elasticsearch:
          - common-settings
          - common-dynamic-mappings
        priority: 500
-    so-ids:
+    so-suricata:
      index_sorting: False
      index_template:
+        data_stream: {}
        index_patterns:
-          - so-ids*
+          - logs-*-suricata_so
        template:
          mappings:
            dynamic_templates:
@@ -2324,8 +2326,9 @@ elasticsearch:
    so-import:
      index_sorting: False
      index_template:
+        data_stream: {}
        index_patterns:
-          - so-import*
+          - logs-*-import_so
        template:
          mappings:
            dynamic_templates:
@@ -4162,8 +4165,9 @@ elasticsearch:
    so-strelka:
      index_sorting: False
      index_template:
+        data_stream: {}
        index_patterns:
-          - so-strelka*
+          - logs-*-strelka_so
        template:
          mappings:
            dynamic_templates:
@@ -4415,8 +4419,9 @@ elasticsearch:
    so-zeek:
      index_sorting: False
      index_template:
+        data_stream: {}
        index_patterns:
-          - so-zeek*
+          - logs-*-zeek_so
        template:
          mappings:
            dynamic_templates: