Add event mappings and remove meta information for now

2025-12-06 17:22:49 +01:00 · 2023-06-13 13:35:46 +00:00
parent 57268ba934
commit d0a6881c2c
1 changed files with 12 additions and 34 deletions
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -296,7 +296,7 @@ elasticsearch:
          - "logs-elastic_agent.apm_server@custom"
          - "so-fleet_globals-1"
          - "so-fleet_agent_id_verification-1"
-        priority: 200
+        priority: 501
        data_stream:
          hidden: false
          allow_custom_routing: false
@@ -350,7 +350,7 @@ elasticsearch:
          - "logs-elastic_agent.auditbeat@custom"
          - "so-fleet_globals-1"
          - "so-fleet_agent_id_verification-1"
-        priority: 200
+        priority: 501
        data_stream:
          hidden: false
          allow_custom_routing: false
@@ -404,7 +404,7 @@ elasticsearch:
          - "logs-elastic_agent.cloudbeat@custom"
          - "so-fleet_globals-1"
          - "so-fleet_agent_id_verification-1"
-        priority: 200
+        priority: 501
      policy:
        phases:
          hot:
@@ -455,7 +455,7 @@ elasticsearch:
          - "logs-elastic_agent.endpoint_security@custom"
          - "so-fleet_globals-1"
          - "so-fleet_agent_id_verification-1"
-        priority: 200
+        priority: 501
        data_stream:
          hidden: false
          allow_custom_routing: false
@@ -498,13 +498,8 @@ elasticsearch:
              sort:
                field: "@timestamp"
                order: desc
          mappings:
            _meta:
              package:
                name: elastic_agent
              managed_by: security_onion
              managed: true
        composed_of:
          - "event-mappings"
          - "logs-elastic_agent.filebeat@package"
          - "logs-elastic_agent.filebeat@custom"
          - "so-fleet_globals-1"
@@ -546,19 +541,11 @@ elasticsearch:
          settings:
            index:
              number_of_replicas: 0
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
          mappings:
            _meta:
              package:
                name: elastic_agent
              managed_by: security_onion
              managed: true
        composed_of:
          - "event-mappings"
          - "logs-elastic_agent.fleet_server@package"
          - "logs-elastic_agent.fleet_server@custom"
          - "so-fleet_globals-1"
@@ -617,7 +604,7 @@ elasticsearch:
          - "logs-elastic_agent.heartbeat@custom"
          - "so-fleet_globals-1"
          - "so-fleet_agent_id_verification-1"
-        priority: 200
+        priority: 501
      policy:
        phases:
          hot:
@@ -664,11 +651,12 @@ elasticsearch:
              managed_by: security_onion
              managed: true
        composed_of:
          - "event-mappings"
          - "logs-elastic_agent@package"
          - "logs-elastic_agent@custom"
          - "so-fleet_globals-1"
          - "so-fleet_agent_id_verification-1"
-        priority: 200
+        priority: 501
        data_stream:
          hidden: false
          allow_custom_routing: false
@@ -711,18 +699,13 @@ elasticsearch:
              sort:
                field: "@timestamp"
                order: desc
          mappings:
            _meta:
              package:
                name: elastic_agent
              managed_by: security_onion
              managed: true
        composed_of:
          - "event-mappings"
          - "logs-elastic_agent.metricbeat@package"
          - "logs-elastic_agent.metricbeat@custom"
          - "so-fleet_globals-1"
          - "so-fleet_agent_id_verification-1"
-        priority: 200
+        priority: 501
        data_stream:
          hidden: false
          allow_custom_routing: false
@@ -765,13 +748,8 @@ elasticsearch:
              sort:
                field: "@timestamp"
                order: desc
          mappings:
            _meta:
              package:
                name: elastic_agent
              managed_by: security_onion
              managed: true
        composed_of:
          - "event-mappings"
          - "logs-elastic_agent.osquerybeat@package"
          - "logs-elastic_agent.osquerybeat@custom"
          - "so-fleet_globals-1"