diff --git a/elastic/security/README.md b/elastic/security/README.md
index 6c4eba32..c1e8d3f2 100644
--- a/elastic/security/README.md
+++ b/elastic/security/README.md
@@ -83,6 +83,7 @@ The following parameters are available:
 * `wait_for_status` (default: `green`) - The track creates Data Streams prior to indexing. All created Data Streams must at least reach this status before indexing commences. Reduce to `yellow` for clusters where green isn't possible e.g. single node.
 * `corpora_uri_base` (default: `https://rally-tracks.elastic.co`) - Specify the base location of the datasets used by this track.
+* `index_mode` (default: unset) - A parameter meant to be used internally which defines one of the available indexing modes, "standard", "logsdb" or "time_series". If not set, "standard" is used.
 ### Data Generation Parameters
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json b/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json
new file mode 100644
index 00000000..e02322c2
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json
@@ -0,0 +1,44 @@
+{
+ "name": "logs-endpoint.alerts",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.alerts-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.alerts@package",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ }
+ }
+}
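Review bot: `composed_of` in the new logsdb template depends on `logs@mappings`, `logs@settings`, `logs-endpoint.alerts@package`, `ecs@mappings`, `.fleet_globals-1` and `.fleet_agent_id_verification-1`, none of which the logsdb branch of `component-templates` in this commit's track.json registers (it loads only `track-shared-logsdb-mode`), so the template PUT fails on a cluster where the endpoint package and Fleet assets are not already installed; the README entry for `index_mode` should state that prerequisite unless it is documented elsewhere. Later entries in `composed_of` take precedence, so keeping `track-shared-logsdb-mode` last is presumably what lets it apply the logsdb settings over `logs@settings`; I would pin that in the template's `_meta`, e.g. `"description": "track-shared-logsdb-mode must stay last in composed_of so its settings take precedence"`. The six sibling templates added in this commit (events.file, events.library, events.network, events.process, events.registry, events.security) differ from this one only in the stream name and the `@package` component, so one Jinja-rendered file parameterised on the name would keep them from drifting. Note the file is Jinja-templated (`{% if build_flavor != "serverless" %}`), so a strict JSON linter will reject it as-is.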
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
new file mode 100644
index 00000000..93498765
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
@@ -0,0 +1,44 @@
+{
+ "name": "logs-endpoint.events.file",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.events.file-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.events.file@package",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ }
+ }
+}
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json
new file mode 100644
index 00000000..12a958f9
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json
@@ -0,0 +1,44 @@
+{
+ "name": "logs-endpoint.events.library",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.events.library-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.events.library@package",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ }
+ }
+}
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json
new file mode 100644
index 00000000..f5514887
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json
@@ -0,0 +1,44 @@
+{
+ "name": "logs-endpoint.events.network",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.events.network-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.events.network@package",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ }
+ }
+}
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json
new file mode 100644
index 00000000..ebad9d29
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json
@@ -0,0 +1,44 @@
+{
+ "name": "logs-endpoint.events.process",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.events.process-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.events.process@package",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ }
+ }
+}
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json
new file mode 100644
index 00000000..14754e38
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json
@@ -0,0 +1,44 @@
+{
+ "name": "logs-endpoint.events.registry",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.events.registry-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.events.registry@package",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ }
+ }
+}
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json
new file mode 100644
index 00000000..6c6a61fe
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json
@@ -0,0 +1,44 @@
+{
+ "name": "logs-endpoint.events.security",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.events.security-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.events.security@package",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ }
+ }
+}
diff --git a/elastic/security/track.json b/elastic/security/track.json
index 444d117c..9aa022cd 100644
--- a/elastic/security/track.json
+++ b/elastic/security/track.json
@@ -92,6 +92,14 @@
 {% endif %}
 {% endfor %}
 ],
+ {% if index_mode == "logsdb" %}
+ "component-templates": [
+ {
+ "name": "track-shared-logsdb-mode",
+ "template": "./templates/component/track-shared-logsdb-mode.json"
+ }
+ ],
+ {% else %}
 "component-templates": [
 {
 "name": "track-shared-logsdb-mode",
@@ -228,6 +236,7 @@
 "template-path": "component_template"
 }
 ],
+ {% endif %}
 "composable-templates": [
 {% for integration in p_integration_ratios.keys() %}
 {% if integration == "logs-endpoint" %}
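Review bot: The `{% if index_mode == "logsdb" %}` branch at the top of this hunk duplicates the `track-shared-logsdb-mode` entry that the `{% else %}` branch also starts with, so the two branches differ only in the extra component templates the else branch carries, and the matching `{% endif %}` added in the next hunk (old line 228) closes it roughly 130 lines later, so a reader has to scan the whole list to find out what is conditional. Keeping a single `component-templates` list and wrapping only the additional entries in `{% if index_mode != "logsdb" %} … {% endif %}` (minding the trailing comma after the shared entry) expresses the same thing without the duplicated entry. Separately, the README hunk in this commit documents `index_mode` as "standard", "logsdb" or "time_series", but only `logsdb` is ever compared here, so a `time_series` value or a typo silently falls into the standard branch; either document that only `logsdb` changes behaviour in this track or add an explicit `{% elif index_mode == "time_series" %}` branch.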
@@ -235,42 +244,66 @@
 "name": "logs-endpoint.events.file",
 "index-pattern": "logs-endpoint.events.file-*",
 "delete-matching-indices": false,
+ {% if index_mode == "logsdb" %}
+ "template": "./templates/composable-logsdb/logs-endpoint.events.file.json",
+ {% else %}
 "template": "./templates/composable/logs-endpoint.events.file.json",
+ {% endif %}
 "template-path": "index_template"
 },
 {
 "name": "logs-endpoint.events.library",
 "index-pattern": "logs-endpoint.events.library-*",
 "delete-matching-indices": false,
+ {% if index_mode == "logsdb" %}
+ "template": "./templates/composable-logsdb/logs-endpoint.events.library.json",
+ {% else %}
 "template": "./templates/composable/logs-endpoint.events.library.json",
+ {% endif %}
 "template-path": "index_template"
 },
 {
 "name": "logs-endpoint.events.network",
 "index-pattern": "logs-endpoint.events.network-*",
 "delete-matching-indices": false,
+ {% if index_mode == "logsdb" %}
+ "template": "./templates/composable-logsdb/logs-endpoint.events.network.json",
+ {% else %}
 "template": "./templates/composable/logs-endpoint.events.network.json",
+ {% endif %}
 "template-path": "index_template"
 },
 {
 "name": "logs-endpoint.events.process",
 "index-pattern": "logs-endpoint.events.process-*",
 "delete-matching-indices": false,
+ {% if index_mode == "logsdb" %}
+ "template": "./templates/composable-logsdb/logs-endpoint.events.process.json",
+ {% else %}
 "template": "./templates/composable/logs-endpoint.events.process.json",
+ {% endif %}
 "template-path": "index_template"
 },
 {
 "name": "logs-endpoint.events.registry",
 "index-pattern": "logs-endpoint.events.registry-*",
 "delete-matching-indices": false,
+ {% if index_mode == "logsdb" %}
+ "template": "./templates/composable-logsdb/logs-endpoint.events.registry.json",
+ {% else %}
 "template": "./templates/composable/logs-endpoint.events.registry.json",
+ {% endif %}
 "template-path": "index_template"
 },
 {
 "name": "logs-endpoint.events.security",
 "index-pattern": "logs-endpoint.events.security-*",
"delete-matching-indices": false, + {% if index_mode == "logsdb" %} + "template": "./templates/composable-logsdb/logs-endpoint.events.security.json", + {% else %} "template": "./templates/composable/logs-endpoint.events.security.json", + {% endif %} "template-path": "index_template" }{{ ", " if not loop.last else "" }} {% else %}