Merge pull request #12173 from Security-Onion-Solutions/fix/endpoint_metrics_templates

Add endpoint metrics templates
2025-12-06 09:12:45 +01:00 · 2024-01-12 11:26:09 -05:00
parent af3aa53612 418f41c7e4
commit c895b6a274
2 changed files with 135 additions and 0 deletions
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -9250,6 +9250,138 @@ elasticsearch:
              set_priority:
                priority: 50
            min_age: 30d
+    so-metrics-endpoint_x_metadata:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "metrics-endpoint.metadata-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-metrics-endpoint.metadata-logs
+              number_of_replicas: 0
+        composed_of:
+          - "metrics-endpoint.metadata@package"
+          - "metrics-endpoint.metadata@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
+    so-metrics-endpoint_x_metrics:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "metrics-endpoint.metrics-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-metrics-endpoint.metrics-logs
+              number_of_replicas: 0
+        composed_of:
+          - "metrics-endpoint.metrics@package"
+          - "metrics-endpoint.metrics@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
+    so-metrics-endpoint_x_policy:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - "metrics-endpoint.policy-*"
+        template:
+          settings:
+            index:
+              lifecycle:
+                name: so-metrics-endpoint.policy-logs
+              number_of_replicas: 0
+        composed_of:
+          - "metrics-endpoint.policy@package"
+          - "metrics-endpoint.policy@custom"
+          - "so-fleet_globals-1"
+          - "so-fleet_agent_id_verification-1"
+        priority: 501
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
+      policy:
+        phases:
+          cold:
+            actions:
+              set_priority:
+                priority: 0
+            min_age: 30d
+          delete:
+            actions:
+              delete: {}
+            min_age: 365d
+          hot:
+            actions:
+              rollover:
+                max_age: 30d
+                max_primary_shard_size: 50gb
+              set_priority:
+                priority: 100
+            min_age: 0ms
+          warm:
+            actions:
+              set_priority:
+                priority: 50
+            min_age: 30d
    so-metrics-vsphere_x_datastore:
      index_sorting: False
      index_template:
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -467,6 +467,9 @@ elasticsearch:
    so-logs-elastic_agent_x_metricbeat: *indexSettings
    so-logs-elastic_agent_x_osquerybeat: *indexSettings
    so-logs-elastic_agent_x_packetbeat: *indexSettings
+    so-metrics-endpoint_x_metadata: *indexSettings
+    so-metrics-endpoint_x_metrics: *indexSettings
+    so-metrics-endpoint_x_policy: *indexSettings
    so-case: *indexSettings
    so-common: *indexSettings
    so-endgame: *indexSettings