add annotation for so-logs index
@@ -47,27 +47,25 @@ elasticsearch:
|
|||||||
global: True
|
global: True
|
||||||
helpLink: elasticsearch.html
|
helpLink: elasticsearch.html
|
||||||
index_settings:
|
index_settings:
|
||||||
so-elasticsearch: &indexSettings
|
so-logs: &indexSettings
|
||||||
warm:
|
|
||||||
description: Age (in days) of this index before it will move to warm storage, if warm nodes are present. Once moved, events on this index can take longer to fetch.
|
|
||||||
global: True
|
|
||||||
helpLink: elasticsearch.html
|
|
||||||
close:
|
|
||||||
description: Age (in days) of this index before it will be closed. Once closed, events on this index cannot be retrieved without first re-opening the index.
|
|
||||||
global: True
|
|
||||||
helpLink: elasticsearch.html
|
|
||||||
delete:
|
|
||||||
description: Age (in days) of this index before it will be deleted. Once deleted, events are permanently unrecoverable.
|
|
||||||
global: True
|
|
||||||
helpLink: elasticsearch.html
|
|
||||||
index_sorting:
|
index_sorting:
|
||||||
description: Sorts the index by event time, at the cost of additional processing resource consumption.
|
description: Sorts the index by event time, at the cost of additional processing resource consumption.
|
||||||
global: True
|
global: True
|
||||||
helpLink: elasticsearch.html
|
helpLink: elasticsearch.html
|
||||||
index_template:
|
index_template:
|
||||||
|
index_patterns:
|
||||||
|
description: Patterns for matching multiple indices or tables.
|
||||||
|
forceType: "[]string"
|
||||||
|
multiline: True
|
||||||
|
global: True
|
||||||
|
helpLink: elasticsearch.html
|
||||||
template:
|
template:
|
||||||
settings:
|
settings:
|
||||||
index:
|
index:
|
||||||
|
number_of_replicas:
|
||||||
|
description: Number of replicas required for this index. Multiple replicas protects against data loss, but also increases storage costs.
|
||||||
|
global: True
|
||||||
|
helpLink: elasticsearch.html
|
||||||
mapping:
|
mapping:
|
||||||
total_fields:
|
total_fields:
|
||||||
limit:
|
limit:
|
||||||
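Review bot: The new `index_patterns` annotation uses the key `forceType` while every other type hint added in this commit (`managed`, `composed_of`, `priority`, `hidden`, `allow_custom_routing`, and `set_priority.priority`) uses `forcedType`; if the annotation loader only recognises `forcedType`, the `"[]string"` hint for `index_patterns` is silently ignored and the value is treated as free text in the settings UI. Change it to `forcedType: "[]string"` so it matches the sibling `composed_of` entry. This hunk begins mid-mapping: the enclosing `elasticsearch:` key and the file header are outside the visible lines, and the rendered split view has dropped the YAML indentation, so nesting here was inferred from key order.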
@@ -75,17 +73,59 @@ elasticsearch:
|
|||||||
global: True
|
global: True
|
||||||
helpLink: elasticsearch.html
|
helpLink: elasticsearch.html
|
||||||
refresh_interval:
|
refresh_interval:
|
||||||
description: Seconds between index refreshes. Shorter intervals can cause query performance to suffer since this is a synchronous and resource-intensive operation.
|
description: Seconds between index refreshes. Shorter intervals can cause query performance to suffer since this is a synchronous and resource-intensive operation.
|
||||||
global: True
|
global: True
|
||||||
helpLink: elasticsearch.html
|
helpLink: elasticsearch.html
|
||||||
number_of_shards:
|
number_of_shards:
|
||||||
description: Number of shards required for this index. Using multiple shards increases fault tolerance, but also increases storage and network costs.
|
description: Number of shards required for this index. Using multiple shards increases fault tolerance, but also increases storage and network costs.
|
||||||
|
global: True
|
||||||
|
helpLink: elasticsearch.html
|
||||||
|
sort:
|
||||||
|
field:
|
||||||
|
description: The field to sort by. Must set index_sorting to True.
|
||||||
global: True
|
global: True
|
||||||
helpLink: elasticsearch.html
|
helpLink: elasticsearch.html
|
||||||
number_of_replicas:
|
order:
|
||||||
description: Number of replicas required for this index. Multiple replicas protects against data loss, but also increases storage costs.
|
description: The order to sort by. Must set index_sorting to True.
|
||||||
global: True
|
global: True
|
||||||
helpLink: elasticsearch.html
|
helpLink: elasticsearch.html
|
||||||
|
mappings:
|
||||||
|
_meta:
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
description: Meta settings for the mapping.
|
||||||
|
global: True
|
||||||
|
helpLink: elasticsearch.html
|
||||||
|
managed_by:
|
||||||
|
description: Meta settings for the mapping.
|
||||||
|
global: True
|
||||||
|
helpLink: elasticsearch.html
|
||||||
|
managed:
|
||||||
|
description: Meta settings for the mapping.
|
||||||
|
forcedType: bool
|
||||||
|
global: True
|
||||||
|
helpLink: elasticsearch.html
|
||||||
|
composed_of:
|
||||||
|
description: The index template is composed of these component templates.
|
||||||
|
forcedType: "[]string"
|
||||||
|
global: True
|
||||||
|
helpLink: elasticsearch.html
|
||||||
|
priority:
|
||||||
|
description: The priority of the index template.
|
||||||
|
forcedType: int
|
||||||
|
global: True
|
||||||
|
helpLink: elasticsearch.html
|
||||||
|
data_stream:
|
||||||
|
hidden:
|
||||||
|
description: Hide the data stream.
|
||||||
|
forcedType: bool
|
||||||
|
global: True
|
||||||
|
helpLink: elasticsearch.html
|
||||||
|
allow_custom_routing:
|
||||||
|
description: Allow custom routing for the data stream.
|
||||||
|
forcedType: bool
|
||||||
|
global: True
|
||||||
|
helpLink: elasticsearch.html
|
||||||
policy:
|
policy:
|
||||||
phases:
|
phases:
|
||||||
hot:
|
hot:
|
||||||
@@ -97,6 +137,7 @@ elasticsearch:
|
|||||||
set_priority:
|
set_priority:
|
||||||
priority:
|
priority:
|
||||||
description: Priority of index. This is used for recovery after a node restart. Indices with higher priorities are recovered before indices with lower priorities.
|
description: Priority of index. This is used for recovery after a node restart. Indices with higher priorities are recovered before indices with lower priorities.
|
||||||
|
forcedType: int
|
||||||
global: True
|
global: True
|
||||||
helpLink: elasticsearch.html
|
helpLink: elasticsearch.html
|
||||||
rollover:
|
rollover:
|
||||||
@@ -117,20 +158,26 @@ elasticsearch:
|
|||||||
set_priority:
|
set_priority:
|
||||||
priority:
|
priority:
|
||||||
description: Used for index recovery after a node restart. Indices with higher priorities are recovered before indices with lower priorities.
|
description: Used for index recovery after a node restart. Indices with higher priorities are recovered before indices with lower priorities.
|
||||||
|
forcedType: int
|
||||||
global: True
|
global: True
|
||||||
helpLink: elasticsearch.html
|
helpLink: elasticsearch.html
|
||||||
delete:
|
delete:
|
||||||
min_age:
|
min_age:
|
||||||
description: Minimum age of index. This determines when the index should be deleted.
|
description: Minimum age of index. This determines when the index should be deleted.
|
||||||
global: True
|
global: True
|
||||||
helpLink: elastic
|
helpLink: elasticsearch.html
|
||||||
so-endgame: *indexSettings
|
_meta:
|
||||||
so-firewall: *indexSettings
|
package:
|
||||||
so-import: *indexSettings
|
name:
|
||||||
so-kibana: *indexSettings
|
description: Meta settings for the mapping.
|
||||||
so-logstash: *indexSettings
|
global: True
|
||||||
so-osquery: *indexSettings
|
helpLink: elasticsearch.html
|
||||||
so-redis: *indexSettings
|
managed_by:
|
||||||
so-strelka: *indexSettings
|
description: Meta settings for the mapping.
|
||||||
so-syslog: *indexSettings
|
global: True
|
||||||
so-zeek: *indexSettings
|
helpLink: elasticsearch.html
|
||||||
|
managed:
|
||||||
|
description: Meta settings for the mapping.
|
||||||
|
forcedType: bool
|
||||||
|
global: True
|
||||||
|
helpLink: elasticsearch.html
|
||||||
|
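Review bot: The old side of this hunk removes the `so-endgame` through `so-zeek: *indexSettings` alias entries, and the new side puts a second `_meta` block (`package.name`, `managed_by`, `managed`) in their place, duplicating the one already added under `index_template.template.mappings` in the second hunk. Unless those aliases are re-added somewhere outside the visible hunks, every index other than `so-logs` loses its annotations (descriptions, `global`, `helpLink`) and its settings show up undocumented in the configuration UI. Because the rendered view has lost the YAML indentation it is also unclear whether this second `_meta` block is nested under `policy.phases.delete` by mistake or is a sibling at the template level, so its placement should be confirmed against the actual file. The three `_meta` descriptions all read `Meta settings for the mapping.`; a per-key description such as `description: Name of the package that installed this index template.` for `package.name` would be more useful to operators.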
|||||||