From fb2a42a9af5f2b4acfe568caca89edf14682566e Mon Sep 17 00:00:00 2001
From: Wes
Date: Wed, 31 Jul 2024 17:02:45 +0000
Subject: [PATCH 1/2] Use custom system component
---
 salt/elasticsearch/defaults.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index e1a2d192f1..446c6033d6 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -9101,6 +9101,7 @@ elasticsearch:
 - logs-system.auth@custom
 - so-fleet_globals-1
 - so-fleet_agent_id_verification-1
+ - so-system
 data_stream:
 allow_custom_routing: false
 hidden: false
@@ -9195,6 +9196,7 @@ elasticsearch:
 - logs-system.syslog@custom
 - so-fleet_globals-1
 - so-fleet_agent_id_verification-1
+ - so-system
 data_stream:
 allow_custom_routing: false
 hidden: false
From 9264a03dbc5e8b3be423553d12088ffc2f8d3e72 Mon Sep 17 00:00:00 2001
From: Wes
Date: Wed, 31 Jul 2024 17:03:26 +0000
Subject: [PATCH 2/2] Add custom system component
---
 .../component/so/so-system-mappings.json | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 salt/elasticsearch/templates/component/so/so-system-mappings.json
diff --git a/salt/elasticsearch/templates/component/so/so-system-mappings.json b/salt/elasticsearch/templates/component/so/so-system-mappings.json
new file mode 100644
index 0000000000..f86c427a6e
--- /dev/null
+++ b/salt/elasticsearch/templates/component/so/so-system-mappings.json
@@ -0,0 +1,29 @@
+{
+ "template": {
+ "mappings": {
+ "properties": {
+ "host": {
+ "properties":{
+ "ip": {
+ "type": "ip"
+ }
+ }
+ },
+ "related": {
+ "properties":{
+ "ip": {
+ "type": "ip"
+ }
+ }
+ },
+ "source": {
+ "properties":{
+ "ip": {
+ "type": "ip"
+ }
+ }
+ }
+ }
+ }
+ }
+}
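Review bot: `- so-system` is appended as the last entry of the component list, after `logs-system.auth@custom` (and, in the second hunk at line 9196, after `logs-system.syslog@custom`). Elasticsearch merges component templates in list order with later entries taking precedence, so the so-system mappings would win over anything an operator placed in the `@custom` component for the same fields. If `@custom` is meant to remain the final override, move `- so-system` ahead of it; if the new order is intentional, a short comment saying so would help. The list starts outside both hunks, so earlier entries are not visible here. This patch also references the component before PATCH 2/2 adds its definition, so applied on its own the index templates would presumably fail to load.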
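Review bot: The three `ip` mappings (`host.ip`, `related.ip`, `source.ip`) are strict, so a document whose value is not a valid IPv4 or IPv6 address is rejected at index time instead of being stored with a bad field. For auth and syslog data that means the event is dropped, which is a visibility gap. Whether these fields can ever carry a hostname or other text is not visible from this diff; if they can, use `"type": "ip", "ignore_malformed": true` on each of the three. The new type also only applies to backing indices created after the template is loaded, so existing data streams need a rollover before it takes effect.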