Ensure Kratos events are sent to a data stream instead of an index

2025-12-06 09:12:45 +01:00 · 2023-01-26 16:12:06 +00:00
parent 7d68ef0e8b
commit f1db1bc273
2 changed files with 6 additions and 1 deletions
--- a/salt/common/tools/sbin/so-image-common
+++ b/salt/common/tools/sbin/so-image-common
@@ -36,7 +36,9 @@ container_list() {
      "so-steno"
      "so-suricata"
      "so-telegraf"
-      "so-zeek" 
+      "so-zeek"
+      "so-elastic-agent"
+      "so-elastic-agent-builder" 
    )
  elif [ $MANAGERCHECK != 'so-helix' ]; then
    TRUSTED_CONTAINERS=(
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -2677,6 +2677,9 @@ elasticsearch:
      delete: 365
      index_sorting: False
      index_template:
+        data_stream:
+          hidden: false
+          allow_custom_routing: false
        index_patterns:
          - logs-kratos-so*
        template: