updates

Signed-off-by: ddpbsd <[email protected]>

Author: ddpbsd

_sources/elk/agent/integrations/cel.rst.txt

@@ -0,0 +1,22 @@
+==========================
+common expression language
+==========================
+
+grab a list of members from the elastic cloud
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This is currently formatted for `filebeat`
+
+.. code-block:: console
+
+   - type: cel
+     interval: 1m
+     resource.url: https://api.elastic-cloud.com/api/v1/organizations/ORGID/members
+     auth.token.enabled: true
+     auth.token.type: apikey
+     auth.token.value: APIKEY
+     program: |
+       get(state.url).Body.as(body, {
+         "events": [body.decode_json()]
+       }]
+

_sources/elk/agent/integrations/index.rst.txt

@@ -9,4 +9,5 @@ Contents:
    :maxdepth: 1
 
    alienvault-otx
+   cel
 

_sources/elk/eck.rst.txt

@@ -0,0 +1,55 @@
+=================================
+eck - Elastic Cloud on Kubernetes
+=================================
+
+I'm installing it to be available in all namespaces using the helm chart.
+
+.. code-block:: console
+
+   ## add the helm repo
+   $ helm repo add elastic https://helm.elastic.co
+   "elastic" has been added to your repositories
+   $ helm repo update
+   Hang tight while we grab the latest from your chart repositories...
+   ...Successfully got an update from the "metallb" chart repository
+   ...Successfully got an update from the "elastic" chart repository
+   ...Successfully got an update from the "jetstack" chart repository
+   ...Successfully got an update from the "rancher-latest" chart repository
+   Update Complete. _Happy Helming!_
+
+   ## install cluster-wide
+   $ helm install elastic-operator elastic/eck-operator -n elastic-system --create-namespace
+   NAME: elastic-operator
+   LAST DEPLOYED: Wed Oct  8 16:43:10 2025
+   NAMESPACE: elastic-system
+   STATUS: deployed
+   REVISION: 1
+   TEST SUITE: None
+   NOTES:
+   1. Inspect the operator logs by running the following command:
+      kubectl logs -n elastic-system sts/elastic-operator
+
+
+install elasticsearch
+^^^^^^^^^^^^^^^^^^^^^
+
+.. XXX
+
+install kibana
+^^^^^^^^^^^^^^
+
+.. XXX
+
+get the password
+^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   $ kubectl get secret elasticsearch-es-elastic-user  -o go-template='{{.data.elastic | base64decode }}'
+   PASSWORD
+
+links
+^^^^^
+
+`Instructions from elastic <https://www.elastic.co/docs/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart>`_
+

_sources/elk/elastic/index.rst.txt

@@ -16,5 +16,6 @@ Contents:
    shards
    tasks
    security/index
+   ingest_pipelines
    interesting
 

_sources/elk/elastic/ingest_pipelines.rst.txt

@@ -0,0 +1,30 @@
+================
+ingest pipelines
+================
+
+
+split an event into multiple
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+use the `script` processor:
+
+.. code-block:: console
+
+   "script": {
+     "lang": "painless",
+     "source": """
+       if (ctx.containsKey('my_array_field') && ctx['my_array_field' instanceof List) {
+         List new_events = new ArrayList();
+         for (def item : ctx['myarray_field']) {
+           Map new_doc = new HashMap(ctx); // copy orig document
+           new_doc.remove('my_array_field'); // remove the orig array field
+           new_doc.put('single_item_field', item); // add the individual item
+           new_events.add(new_doc);
+         }
+         ctx.remove('my_array_field'); // remove the original array field from the current document
+         ctx._ingest.on_failure = (e) => { /* handle potential failures? */ };
+         ctx._ingest.new_documents = new_events;
+       }
+     """
+   }
+

_sources/elk/health-check/cluster-architecture.rst.txt

@@ -0,0 +1,8 @@
+====================
+cluster architecture
+====================
+
+* deployment version
+* high availability
+* data tiering
+

_sources/elk/health-check/fleet-and-agent.rst.txt

@@ -0,0 +1,12 @@
+===============
+fleet and agent
+===============
+
+* agents are managed centrally via fleet
+* integrations are up to date
+* agents are healthy
+* agents on recent version
+* agent monitoring:
+  * agent logs enabled
+  * agent metrics enabled
+

_sources/elk/health-check/index.rst.txt

@@ -0,0 +1,18 @@
+===================
+system health check
+===================
+
+Ideas for performing a health check on an elastic cluster.
+
+Contents:
+
+.. toctree::
+   :maxdepth: 2
+
+   platforms
+   cluster-architecture
+   performance
+   sharding-and-data-management
+   security
+   fleet-and-agent
+

_sources/elk/health-check/performance.rst.txt

@@ -0,0 +1,21 @@
+===========
+performance
+===========
+
+performance
+^^^^^^^^^^^
+
+* cpu utilization
+* memory utilization
+* disk utilization
+* cluster health (traffic light?)
+
+cluster monitoring
+^^^^^^^^^^^^^^^^^^
+
+These will be in relation to the cluster (logs is actually "cluster logs").
+
+* logs
+* metrics
+* health alerts
+

_sources/elk/health-check/platforms.rst.txt

@@ -0,0 +1,30 @@
+=========
+platforms
+=========
+
+Common
+^^^^^^
+
+Elatic Cloud: Hosted
+^^^^^^^^^^^^^^^^^^^^
+
+
+Elastic Cloud: Enterprise
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+
+Elastic Cloud: Serverless
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+
+Elastic Cloud on Kuberenetes
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+
+Docker
+^^^^^^
+
+
+Bare-metal
+^^^^^^^^^^
+