From 4afac201b93f0502573a574184774e84afb667a9 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Wed, 21 Aug 2024 13:25:26 -0400
Subject: [PATCH 1/4] Change ILM policy name
---
 salt/elasticsearch/defaults.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 7201df25e7..be490842f2 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -3679,7 +3679,7 @@ elasticsearch:
 settings:
 index:
 lifecycle:
- name: so-logs-detections.alerts-so
+ name: so-logs-detections.alerts-logs
 mapping:
 total_fields:
 limit: 5001
From c1b7232a883d1a0fd654b7dd43c50e9ac49191f5 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Wed, 21 Aug 2024 14:38:29 -0400
Subject: [PATCH 2/4] Fix for detections-alerts
---
 .../sbin_jinja/so-elasticsearch-ilm-policy-load | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-ilm-policy-load b/salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-ilm-policy-load
index b00fcbedfd..77178b4fee 100755
--- a/salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-ilm-policy-load
+++ b/salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-ilm-policy-load
@@ -10,10 +10,16 @@

 {%- for index, settings in ES_INDEX_SETTINGS.items() %}
 {%- if settings.policy is defined %}
+{%- if index == 'so-logs-detections.alerts' %}
 echo
-echo "Setting up {{ index }}-logs policy..."
-curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://localhost:9200/_ilm/policy/{{ index }}-logs" -H 'Content-Type: application/json' -d'{ "policy": {{ settings.policy | tojson(true) }} }'
-echo
+ echo "Setting up so-logs-detections-alerts-so policy..."
+ curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://localhost:9200/_ilm/policy/{{ index }}-so" -H 'Content-Type: application/json' -d'{ "policy": {{ settings.policy | tojson(true) }} }'
+ echo
+{%- else %}
+ echo "Setting up {{ index }}-logs policy..."
+ curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://localhost:9200/_ilm/policy/{{ index }}-logs" -H 'Content-Type: application/json' -d'{ "policy": {{ settings.policy | tojson(true) }} }'
+ echo
+{%- endif %}
 {%- endif %}
 {%- endfor %}
 echo
From 88ea60df2ae02ae13e9182b86b67d4aa86de6cb9 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Wed, 21 Aug 2024 14:38:57 -0400
Subject: [PATCH 3/4] Fix name
---
 .../tools/sbin_jinja/so-elasticsearch-ilm-policy-load | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-ilm-policy-load b/salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-ilm-policy-load
index 77178b4fee..7d3894950b 100755
--- a/salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-ilm-policy-load
+++ b/salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-ilm-policy-load
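Review bot: The two added `curl ... -X PUT` calls run with `-s` and nothing checks their exit status or the HTTP response, so a rejected upload of the `{{ index }}-so` policy still prints "Setting up ..." and the loop moves on; the detections alerts index would then point at an ILM policy that does not exist and its retention would quietly not be enforced (inferred, since the rest of the script lies outside this hunk). Adding `--fail` and reporting the error would surface that, e.g. `curl ... --fail ... || echo "Failed to load {{ index }}-so policy" >&2`. The branches differ only in the suffix, so one `{%- set suffix = 'so' if index == 'so-logs-detections.alerts' else 'logs' %}` ahead of a single echo/curl pair would also stop the message and the URL from disagreeing, as they do in this hunk (`so-logs-detections-alerts-so` in the echo, `{{ index }}-so` in the URL).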
@@ -12,7 +12,7 @@
 {%- if settings.policy is defined %}
 {%- if index == 'so-logs-detections.alerts' %}
 echo
- echo "Setting up so-logs-detections-alerts-so policy..."
+ echo "Setting up so-logs-detections.alerts-so policy..."
 curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://localhost:9200/_ilm/policy/{{ index }}-so" -H 'Content-Type: application/json' -d'{ "policy": {{ settings.policy | tojson(true) }} }'
 echo
 {%- else %}
From 212cc478dea31d9be4aaaadea7f6984db12334c7 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Wed, 21 Aug 2024 14:39:24 -0400
Subject: [PATCH 4/4] Change back to so
---
 salt/elasticsearch/defaults.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index be490842f2..7201df25e7 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -3679,7 +3679,7 @@ elasticsearch:
 settings:
 index:
 lifecycle:
- name: so-logs-detections.alerts-logs
+ name: so-logs-detections.alerts-so
 mapping:
 total_fields:
 limit: 5001