From 5eae349938ca94953f23a582046c4d0cae7f8dd6 Mon Sep 17 00:00:00 2001
From: Wes
Date: Fri, 12 Jan 2024 13:47:35 +0000
Subject: [PATCH 1/2] Add endpoint metrics templates
---
 salt/elasticsearch/defaults.yaml | 132 +++++++++++++++++++++++++++++++
 1 file changed, 132 insertions(+)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 4a9c650784..b773c7b365 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -9250,6 +9250,138 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
+ so-metrics-endpoint_x_metadata:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "metrics-endpoint.metadata-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-metrics-endpoint.metadata-logs
+ number_of_replicas: 0
+ composed_of:
+ - "metrics-endpoint.metadata@package"
+ - "metrics-endpoint.metadata@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-metrics-endpoint_x_metrics:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "metrics-endpoint.metrics-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-metrics-endpoint.metrics-logs
+ number_of_replicas: 0
+ composed_of:
+ - "metrics-endpoint.metrics@package"
+ - "metrics-endpoint.metrics@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-metrics-endpoint_x_policy:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "metrics-endpoint.policy-*"
+ template:
+ settings:
+ index:
+ lifecycle:
+ name: so-metrics-endpoint.policy-logs
+ number_of_replicas: 0
+ composed_of:
+ - "metrics-endpoint.policy@package"
+ - "metrics-endpoint.policy@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 30d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-metrics-vsphere_x_datastore:
 index_sorting: False
 index_template:
From 418f41c7e46ce880b1d5310d42c41d845be20963 Mon Sep 17 00:00:00 2001
From: Wes
Date: Fri, 12 Jan 2024 15:03:18 +0000
Subject: [PATCH 2/2] Add SOC configuration for metrics
---
 salt/elasticsearch/soc_elasticsearch.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml
index d465a8487f..40ba5673db 100644
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -467,6 +467,9 @@ elasticsearch:
 so-logs-elastic_agent_x_metricbeat: *indexSettings
 so-logs-elastic_agent_x_osquerybeat: *indexSettings
 so-logs-elastic_agent_x_packetbeat: *indexSettings
+ so-metrics-endpoint_x_metadata: *indexSettings
+ so-metrics-endpoint_x_metrics: *indexSettings
+ so-metrics-endpoint_x_policy: *indexSettings
 so-case: *indexSettings
 so-common: *indexSettings
 so-endgame: *indexSettings