securityonion/salt/logstash/defaults.yaml

logstash:
  assigned_pipelines:
    roles:
      standalone:
        - manager
        - search
      receiver:
        - receiver
      heavynode:
        - search
      searchnode:
        - search
      manager:
        - manager
      managersearch:
        - manager
        - search
      fleet:
        - fleet
  defined_pipelines:
    fleet:
      - so/0012_input_elastic_agent.conf     
      - so/9806_output_lumberjack_fleet.conf.jinja
    manager:
      - so/0011_input_endgame.conf
      - so/0012_input_elastic_agent.conf
      - so/0013_input_lumberjack_fleet.conf
      - so/9999_output_redis.conf.jinja        
    receiver:
      - so/0011_input_endgame.conf
      - so/0012_input_elastic_agent.conf
      - so/9999_output_redis.conf.jinja
    search:
      - so/0900_input_redis.conf.jinja
      - so/9805_output_elastic_agent.conf.jinja
      - so/9900_output_endgame.conf.jinja
    custom0: []
    custom1: []
    custom2: []
    custom3: []
    custom4: []
  docker_options:
    port_bindings:
      - 0.0.0.0:3765:3765
      - 0.0.0.0:5044:5044
      - 0.0.0.0:5055:5055
      - 0.0.0.0:5056:5056
      - 0.0.0.0:5644:5644
      - 0.0.0.0:6050:6050
      - 0.0.0.0:6051:6051
      - 0.0.0.0:6052:6052
      - 0.0.0.0:6053:6053
      - 0.0.0.0:9600:9600
  settings:
    lsheap: 500m
  config:
    http_x_host: 0.0.0.0
    path_x_logs: /var/log/logstash
    pipeline_x_workers: 1
    pipeline_x_batch_x_size: 125
    pipeline_x_ecs_compatibility: disabled
  dmz_nodes: []