8e33d0e1e9
Merge remote-tracking branch 'origin/3/dev' into soupmod2
2026-06-16 12:54:18 -04:00
a769d4c680
another unneeded default
2026-06-16 09:32:37 -05:00
f68e3e47a1
remove pillar merge
2026-06-16 09:19:10 -05:00
95cae4c734
remove so-elasticsearch-indices-delete cron when using DLM
2026-06-15 13:32:45 -05:00
596471e140
using new annotation config
2026-06-15 13:31:53 -05:00
d10f21399c
remove comments
2026-06-15 13:31:23 -05:00
43f72c1f9f
Parallelize so-elasticsearch-templates-load template PUTs
...
Load component and index templates as throttled background jobs (max 10
concurrent) instead of sequential curl PUTs, matching the bounded-concurrency
+ flock-serialized-output pattern used by the fleet/ILM load scripts. Keeps a
wait barrier between the component phase and the index phase so index
templates never load before their referenced component templates. Failures are
tracked via per-job marker files since counter increments can't escape
background subshells.
2026-06-12 15:11:34 -04:00
c505160480
set default DLM retention 90d
2026-06-11 15:13:28 -05:00
d9f6cde4e1
remove global setting from data_retention annotation
2026-06-11 15:11:29 -05:00
6c42c419e2
Serialize ILM policy-load output with flock to stop interleaving
...
A single printf per block was not actually one write() call, so
concurrent jobs still occasionally interleaved their label and response
lines. Hold an flock around just the printf (curl still runs in
parallel) so each policy's block prints intact, keeping live
completion-order streaming.
2026-06-11 15:42:41 -04:00
07d3b148b5
fix output
2026-06-11 13:37:26 -04:00
780d9faf0d
Parallelize so-elasticsearch-ilm-policy-load PUTs
...
Run the ~300 ILM policy PUTs concurrently (bounded to 10 in flight via a
throttle gate) instead of one serial curl per policy. Adds a put_policy
helper and waits for all background jobs before exiting. Preserves policy
parity; only the scheduling changes. Drops the dead empty sid cookie arg
(falls back to basic auth from curl.config as before).
2026-06-11 12:08:32 -04:00
cf456dc58c
reuse existing index templates
2026-06-09 23:21:43 -05:00
9aa9ea3255
Iniitial DLM support
2026-06-09 23:19:26 -05:00
ac907ba45f
fix elasticsearch template generation issue
2026-06-05 16:42:08 -05:00
638aca97c8
Merge pull request #15877 from Security-Onion-Solutions/reyesj2-patch-1
...
update redis index template
2026-05-13 13:44:04 -05:00
d56bf01823
add zeek.ja4d ingest pipeline
2026-05-13 12:32:54 -05:00
492ae80da7
add ingest latency metrics
2026-05-11 16:51:38 -05:00
4a2177c827
update redis index template
...
missing redis integration component templates
2026-05-11 16:15:56 -05:00
499f7102bd
cleanup status code
2026-05-07 11:27:49 -04:00
dceed421ae
update grok type conversion to convert processor
2026-05-05 13:41:00 -05:00
b6acf3b522
typo
2026-04-24 09:24:58 -05:00
fdfca469cc
prevent non-manager nodes from running elasticsearch.cluster state manually
2026-04-23 09:53:07 -05:00
22f869734e
add check for files before attempting to use file pattern to load templates
2026-04-22 23:11:31 -05:00
72dbb69a1c
fix searchnodes running elasticsearch/cluster state
2026-04-22 20:37:48 -05:00
ebb93b4fa7
add wait_for_so-elasticsearch state and split elasticsearch cluster configuration out of enabled.sls
2026-04-17 14:43:07 -05:00
ba00ae8a7b
supress noisy warning from ES 9.3.3
2026-04-16 14:41:25 -05:00
16a4a42faf
check for addon-index templates dir before attempting to load addon index templates
2026-04-14 19:26:37 -05:00
a232cd89cc
ES 9.3.3
2026-04-13 13:36:51 -05:00
dd40e44530
show when addon integrations are already loaded
2026-04-13 12:36:42 -05:00
29e13b2c0b
elasticsearch ilm policy load script
2026-04-13 10:00:17 -05:00
abcad9fde0
addon statefile
2026-04-12 00:36:30 -05:00
a43947cca5
elasticsearch template load script -- for addon index templates
2026-04-12 00:23:26 -05:00
b0584a4dc5
only append "-mappings" to component template names as needed
2026-04-11 15:22:50 -05:00
6298397534
rework elasticsearch template load script -- for core templates
2026-04-11 04:40:47 -05:00
378d1ec81b
initialize vars
2026-04-09 18:41:40 -05:00
89e49d0bf3
rework elasticsearch index template generation
2026-04-09 16:44:51 -05:00
8101bc4941
ES 9.3.2
2026-04-06 15:08:30 -05:00
1f9bf45b66
Lowercase network transport
2026-03-24 11:24:59 -04:00
165e69cd11
Add support for websockets
2026-03-23 07:52:36 -04:00
20bf88b338
ensure bool sliders for elasticsearch
2026-03-19 13:52:40 -04:00
c2c5aea244
ensure bool sliders for each state:enabled annotation
2026-03-19 12:35:38 -04:00
a982056363
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 15:45:15 -04:00
c16ff2bd99
so-idh and so-redis datastream config
2026-03-18 14:31:23 -05:00
74ad2990a7
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 13:05:02 -04:00
20c4da50b1
Merge pull request #15632 from Security-Onion-Solutions/reyesj2-15601
...
fix global override settings affecting non-data stream indices
2026-03-18 10:51:17 -05:00
e19e83bebb
allow user defined ulimits
2026-03-18 10:38:15 -04:00
930985b770
update helpLink references for new documentation
2026-03-18 09:46:45 -04:00
346dc446de
Merge pull request #15630 from Security-Onion-Solutions/reyesj2-449
...
use elasticsearch recommended vm.max_map_count
2026-03-17 15:36:06 -05:00
7e7b8dc8a8
vm.max_map_count allow for minion specific values
2026-03-17 15:23:46 -05:00
Josh Patterson
reyesj2
Josh Brower
Doug Burks