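# Elasticsearch defaults: node/cluster configuration plus per-index settings.
# The file is a template: the {{ ... }} expressions are rendered first and the
# result is then parsed as YAML (grains.host looks like a Salt grain -- confirm
# against the consumer). The nesting below was reconstructed from the
# Elasticsearch setting names because the original line structure was lost.
elasticsearch:
  config:
    node:
      # Quoted so the rendered hostname is always a string, even when it is
      # all digits or looks like a boolean.
      name: "{{ grains.host }}"
      attr:
        box_type: hot
    cluster:
      name: "{{ grains.host }}"
      routing:
        allocation:
          disk:
            threshold_enabled: true
            watermark:
              # flood_stage equals high, so there is no headroom between
              # shard relocation and indices going read-only.
              low: 95%
              high: 98%
              flood_stage: 98%
    network:
      # Binds on every interface. Nothing in this file limits who can reach
      # the node; that has to come from the host firewall or network policy.
      host: 0.0.0.0
    path:
      logs: /var/log/elasticsearch
    action:
      # Wildcard / _all index deletions are rejected; indices must be named.
      destructive_requires_name: true
    transport:
      # Node-to-node port 9300 is also bound on every interface.
      bind_host: 0.0.0.0
      publish_host: "{{ grains.host }}"
      publish_port: 9300
    xpack:
      ml:
        enabled: false
      security:
        enabled: true
        authc:
          anonymous:
            # The empty roles list gives the anonymous principal no
            # privileges. Any role added here becomes available to
            # unauthenticated requests, so review changes to this list.
            authz_exception: true
            roles: []
            username: _anonymous
        transport:
          ssl:
            enabled: true
            # NOTE(review): "none" turns off certificate verification for
            # node-to-node TLS. Traffic is encrypted but peers are not
            # authenticated, so certificate_authorities below is not enforced
            # on this layer. Prefer "certificate" or "full" once every node
            # carries a certificate issued by ca.crt.
            verification_mode: none
            key: /usr/share/elasticsearch/config/elasticsearch.key
            certificate: /usr/share/elasticsearch/config/elasticsearch.crt
            certificate_authorities:
              - /usr/share/elasticsearch/config/ca.crt
        http:
          ssl:
            enabled: true
            # No client certificate is requested on the HTTPS API; clients
            # are authenticated by other means than mutual TLS.
            client_authentication: none
            key: /usr/share/elasticsearch/config/elasticsearch.key
            certificate: /usr/share/elasticsearch/config/elasticsearch.crt
            certificate_authorities:
              - /usr/share/elasticsearch/config/ca.crt
    script:
      max_compilations_rate: 20000/1m
    indices:
      query:
        bool:
          max_clause_count: 3000
      id_field_data:
        enabled: false
    logger:
      org:
        elasticsearch:
          deprecation: ERROR
  index_settings:
    so-beats:
      # Lifecycle thresholds read by the consumer of this file; the unit is
      # not stated here (presumably days -- confirm).
      warm: 1
      close: 1
      delete: 900
      index_sorting: false
      index_template:
        index_patterns:
          - so-beats-*
        template:
          mappings:
            dynamic_templates:
              # Unmapped string fields are indexed as keyword, and values
              # longer than 1024 characters are not indexed.
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 3000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              # No replica copies: losing the node holding the shard loses
              # the data in these indices.
              number_of_replicas: 0
        # Component templates merged into this index template, in order.
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
          - winlog-mappings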