You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Yes, there are salt failures (please provide detail below)
Logs
No, there are no additional clues
Detail
It's possible to create custom index templates via salt? I've tried to place custom json file in /opt/so/saltstack/local/salt/elasticsearch/templates/index/ but after highstate I don't see this template in /opt/so/conf/elasticsearch/templates/index/ . Can you provide to me correct scenario how to create custom index templates and if it's possible to do it without using kibana?
Here is my template:
{
"composed_of": [
"so-data-streams-mappings",
"so-fleet_globals-1",
"so-fleet_agent_id_verification-1",
"so-logs-mappings",
"so-logs-settings"
],
"data_stream": {
"allow_custom_routing": false,
"hidden": false
},
"index_patterns": [
"logs-test-*"
],
"priority": 225,
"template": {
"mappings": {
"_meta": {
"managed": true,
"managed_by": "security_onion",
"package": {
"name": "elastic_agent"
}
}
},
"settings": {
"index": {
"lifecycle": {
"name": "so-logs-logs"
},
"mapping": {
"total_fields": {
"limit": 5001
}
},
"number_of_replicas": 0
}
}
}
}
Guidelines
I have read the above statement and can confirm my post is relevant to Security Onion 2.4.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.3
Installation Method
Network installation on Ubuntu
Description
configuration
Installation Type
Distributed
Location
other (please provide detail below)
Hardware Specs
other (please provide detail below)
CPU
6
RAM
16
Storage for /
200
Storage for /nsm
200
Network Traffic Collection
other (please provide detail below)
Network Traffic Speeds
Less than 1Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
Yes, there are salt failures (please provide detail below)
Logs
No, there are no additional clues
Detail
It's possible to create custom index templates via salt? I've tried to place custom json file in /opt/so/saltstack/local/salt/elasticsearch/templates/index/ but after highstate I don't see this template in /opt/so/conf/elasticsearch/templates/index/ . Can you provide to me correct scenario how to create custom index templates and if it's possible to do it without using kibana?
Here is my template:
{
"composed_of": [
"so-data-streams-mappings",
"so-fleet_globals-1",
"so-fleet_agent_id_verification-1",
"so-logs-mappings",
"so-logs-settings"
],
"data_stream": {
"allow_custom_routing": false,
"hidden": false
},
"index_patterns": [
"logs-test-*"
],
"priority": 225,
"template": {
"mappings": {
"_meta": {
"managed": true,
"managed_by": "security_onion",
"package": {
"name": "elastic_agent"
}
}
},
"settings": {
"index": {
"lifecycle": {
"name": "so-logs-logs"
},
"mapping": {
"total_fields": {
"limit": 5001
}
},
"number_of_replicas": 0
}
}
}
}
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions