logstash:
  enabled: 
    description: Enables or disables the Logstash log event forwarding process. On most grid installations, when this process is disabled log events are unable to be ingested into the SOC backend.
    helpLink: logstash.html
  assigned_pipelines:
    roles:
      standalone: &assigned_pipelines
        description: List of defined pipelines to add to this role.
        advanced: True
        helpLink: logstash.html
        multiline: True
        forcedType: "[]string"
        duplicates: True
      receiver: *assigned_pipelines
      heavynode: *assigned_pipelines
      searchnode: *assigned_pipelines
      manager: *assigned_pipelines
      managersearch: *assigned_pipelines
      fleet: *assigned_pipelines
  defined_pipelines:
    receiver: &defined_pipelines
      description: List of pipeline configurations assign to this group.
      advanced: True
      helpLink: logstash.html
      multiline: True
      forcedType: "[]string" 
      duplicates: True
    fleet: *defined_pipelines
    manager: *defined_pipelines
    search: *defined_pipelines
    custom0: *defined_pipelines
    custom1: *defined_pipelines
    custom2: *defined_pipelines
    custom3: *defined_pipelines
    custom4: *defined_pipelines
  pipeline_config:
    custom001: &pipeline_config
      description: Pipeline configuration for Logstash
      advanced: True
      multiline: True
      forcedType: string
      helpLink: logstash.html
      duplicates: True
    custom002: *pipeline_config
    custom003: *pipeline_config
    custom004: *pipeline_config
    custom005: *pipeline_config
    custom006: *pipeline_config
    custom007: *pipeline_config
    custom008: *pipeline_config
    custom009: *pipeline_config
    custom010: *pipeline_config
  settings:
    lsheap: 
      description: Heap size to use for logstash
      helpLink: logstash.html
      global: False
  config:
    http_x_host: 
      description: Host interface to listen to connections.
      helpLink: logstash.html
      readonly: True
      advanced: True
    path_x_logs: 
      description: Path inside the container to wrote logs.
      helpLink: logstash.html
      readonly: True
      advanced: True
    pipeline_x_workers: 
      description: Number of worker threads to process events in logstash.
      helpLink: logstash.html
      global: False
    pipeline_x_batch_x_size: 
      description: Logstash batch size.
      helpLink: logstash.html
      global: False
    pipeline_x_ecs_compatibility: 
      description: Sets ECS compatibility. This is set per pipeline so you should never need to change this.
      helpLink: logstash.html
      readonly: True
      advanced: True
  dmz_nodes:
    description: "List of receiver nodes in DMZs. Prevents sensors from sending to these receivers. Primarily used for external Elastic agents."
    helpLink: logstash.html
    multiline: True
    advanced: True
    forcedType: "[]string"