CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enable index sorting by default but allow it to be disabled

Browse Source
This commit is contained in:
Mike Reeves
2021-09-04 10:42:18 -04:00
committed by GitHub
parent a2fd8ae200
commit e3900606dc
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
salt/elasticsearch/templates/so/so-common-template.json
View File

@@ -1,3 +1,4 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', True) %}
{ {
"index_patterns": ["so-*"], "index_patterns": ["so-*"],
"version":50001, "version":50001,
@@ -8,8 +9,10 @@
"index.refresh_interval":"30s", "index.refresh_interval":"30s",
"index.routing.allocation.require.box_type":"hot", "index.routing.allocation.require.box_type":"hot",
"index.mapping.total_fields.limit": "1500", "index.mapping.total_fields.limit": "1500",
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp", "index.sort.field": "@timestamp",
"index.sort.order": "desc", "index.sort.order": "desc",
{%- endif %}
"analysis": { "analysis": {
"analyzer": { "analyzer": {
"es_security_analyzer": { "es_security_analyzer": {