From e14c5710d601bb65658c9efea3dd6ce8272f9303 Mon Sep 17 00:00:00 2001
From: Salvatore Campagna
Date: Wed, 18 Sep 2024 13:35:06 +0200
Subject: [PATCH 01/10] Eenable logsdb index mode in security track
---
 .../logs-endpoint.alerts.json | 48 +++++++++++++++++++
 .../logs-endpoint.events.file.json | 48 +++++++++++++++++++
 .../logs-endpoint.events.library.json | 48 +++++++++++++++++++
 .../logs-endpoint.events.network.json | 48 +++++++++++++++++++
 .../logs-endpoint.events.process.json | 48 +++++++++++++++++++
 .../logs-endpoint.events.registry.json | 48 +++++++++++++++++++
 .../logs-endpoint.events.security.json | 48 +++++++++++++++++++
 elastic/security/track.json | 24 ++++++++++
 8 files changed, 360 insertions(+)
 create mode 100644 elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json
 create mode 100644 elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
 create mode 100644 elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json
 create mode 100644 elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json
 create mode 100644 elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json
 create mode 100644 elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json
 create mode 100644 elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json b/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json
new file mode 100644
index 00000000..0a08d96f
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json
@@ -0,0 +1,48 @@
+{
+ "name": "logs-endpoint.alerts",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.alerts-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.alerts@package",
+ "logs-endpoint.alerts@custom",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ },
+ "ignore_missing_component_templates": [
+ "logs-endpoint.alerts@custom"
+ ]
+ }
+}
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
new file mode 100644
index 00000000..3dfa1269
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
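Review bot: Nothing in this template records what makes it the logsdb variant: `template.settings` is `{}`, so the index mode can only come from the final `composed_of` entry, `track-shared-logsdb-mode`. Elasticsearch merges component templates in the listed order with later entries overriding earlier ones, so reordering that list could let an earlier component's settings take precedence without any error. A Jinja comment at the top of the file would capture this, e.g. `{# logsdb variant: track-shared-logsdb-mode must stay last in composed_of so its index.mode is applied #}`. The same applies to the six `logs-endpoint.events.*` templates added by the following hunks of this commit.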
@@ -0,0 +1,48 @@
+{
+ "name": "logs-endpoint.events.file",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.events.file-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.events.file@package",
+ "logs-endpoint.events.file@custom",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ },
+ "ignore_missing_component_templates": [
+ "logs-endpoint.events.file@custom"
+ ]
+ }
+}
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json
new file mode 100644
index 00000000..7c1cc3a3
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json
@@ -0,0 +1,48 @@
+{
+ "name": "logs-endpoint.events.library",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.events.library-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.events.library@package",
+ "logs-endpoint.events.library@custom",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ },
+ "ignore_missing_component_templates": [
+ "logs-endpoint.events.library@custom"
+ ]
+ }
+}
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json
new file mode 100644
index 00000000..caa24462
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json
@@ -0,0 +1,48 @@
+{
+ "name": "logs-endpoint.events.network",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.events.network-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.events.network@package",
+ "logs-endpoint.events.network@custom",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ },
+ "ignore_missing_component_templates": [
+ "logs-endpoint.events.network@custom"
+ ]
+ }
+}
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json
new file mode 100644
index 00000000..fd334b83
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json
@@ -0,0 +1,48 @@
+{
+ "name": "logs-endpoint.events.process",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.events.process-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.events.process@package",
+ "logs-endpoint.events.process@custom",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ },
+ "ignore_missing_component_templates": [
+ "logs-endpoint.events.process@custom"
+ ]
+ }
+}
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json
new file mode 100644
index 00000000..17820070
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json
@@ -0,0 +1,48 @@
+{
+ "name": "logs-endpoint.events.registry",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.events.registry-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.events.registry@package",
+ "logs-endpoint.events.registry@custom",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ },
+ "ignore_missing_component_templates": [
+ "logs-endpoint.events.registry@custom"
+ ]
+ }
+}
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json
new file mode 100644
index 00000000..e999368a
--- /dev/null
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json
@@ -0,0 +1,48 @@
+{
+ "name": "logs-endpoint.events.security",
+ "index_template": {
+ "index_patterns": [
+ "logs-endpoint.events.security-*"
+ ],
+ "template": {
+ "settings": {},
+ "mappings": {
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ }
+ }
+ },
+ "composed_of": [
+ "logs@mappings",
+ "logs@settings",
+ "logs-endpoint.events.security@package",
+ "logs-endpoint.events.security@custom",
+ "ecs@mappings",
+ ".fleet_globals-1",
+ ".fleet_agent_id_verification-1",
+ "track-shared-logsdb-mode"
+ ],
+ "priority": 200,
+ "_meta": {
+ "package": {
+ "name": "endpoint"
+ },
+ "managed_by": "fleet",
+ "managed": true
+ },
+ "data_stream": {
+ "hidden": false,
+ "allow_custom_routing": false
+ {% if build_flavor != "serverless" %},
+ "failure_store": false
+ {% endif %}
+ },
+ "ignore_missing_component_templates": [
+ "logs-endpoint.events.security@custom"
+ ]
+ }
+}
diff --git a/elastic/security/track.json b/elastic/security/track.json
index 444d117c..1191fb2a 100644
--- a/elastic/security/track.json
+++ b/elastic/security/track.json
@@ -235,42 +235,66 @@
 "name": "logs-endpoint.events.file",
 "index-pattern": "logs-endpoint.events.file-*",
 "delete-matching-indices": false,
+ {% if index_mode == "logsdb" %}
+ "template": "./templates/composable-logsdb/logs-endpoint.events.file.json",
+ {% else %}
 "template": "./templates/composable/logs-endpoint.events.file.json",
+ {% endif %}
 "template-path": "index_template"
 },
 {
 "name": "logs-endpoint.events.library",
 "index-pattern": "logs-endpoint.events.library-*",
 "delete-matching-indices": false,
+ {% if index_mode == "logsdb" %}
+ "template": "./templates/composable-logsdb/logs-endpoint.events.library.json",
+ {% else %}
 "template": "./templates/composable/logs-endpoint.events.library.json",
+ {% endif %}
 "template-path": "index_template"
 },
 {
 "name": "logs-endpoint.events.network",
 "index-pattern": "logs-endpoint.events.network-*",
 "delete-matching-indices": false,
+ {% if index_mode == "logsdb" %}
+ "template": "./templates/composable-logsdb/logs-endpoint.events.network.json",
+ {% else %}
 "template": "./templates/composable/logs-endpoint.events.network.json",
+ {% endif %}
 "template-path": "index_template"
 },
 {
 "name": "logs-endpoint.events.process",
 "index-pattern": "logs-endpoint.events.process-*",
 "delete-matching-indices": false,
+ {% if index_mode == "logsdb" %}
+ "template": "./templates/composable-logsdb/logs-endpoint.events.process.json",
+ {% else %}
 "template": "./templates/composable/logs-endpoint.events.process.json",
+ {% endif %}
 "template-path": "index_template"
 },
 {
 "name": "logs-endpoint.events.registry",
 "index-pattern": "logs-endpoint.events.registry-*",
 "delete-matching-indices": false,
+ {% if index_mode == "logsdb" %}
+ "template": "./templates/composable-logsdb/logs-endpoint.events.registry.json",
+ {% else %}
 "template": "./templates/composable/logs-endpoint.events.registry.json",
+ {% endif %}
 "template-path": "index_template"
 },
 {
 "name": "logs-endpoint.events.security",
 "index-pattern": "logs-endpoint.events.security-*",
 "delete-matching-indices": false,
+ {% if index_mode == "logsdb" %}
+ "template": "./templates/composable-logsdb/logs-endpoint.events.security.json",
+ { %else %}
 "template": "./templates/composable/logs-endpoint.events.security.json",
+ {% endif %}
 "template-path": "index_template"
 }{{ ", " if not loop.last else "" }}
 {% else %}
From e87fbe3667a6c3190e8473d69f2fba06a089e4ec Mon Sep 17 00:00:00 2001
From: Salvatore Campagna
Date: Wed, 18 Sep 2024 13:51:38 +0200
Subject: [PATCH 02/10] fix: make sure logsdb is used when depending on kibana
---
 elastic/security/track.json | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/elastic/security/track.json b/elastic/security/track.json
index 1191fb2a..ce50bdb1 100644
--- a/elastic/security/track.json
+++ b/elastic/security/track.json
@@ -92,6 +92,14 @@
 {% endif %}
 {% endfor %}
 ],
+ {% if index_mode == "logsdb" %}
+ "component-templates": [
+ {
+ "name": "track-shared-logsdb-mode",
+ "template": "./templates/component-logsdb/track-shared-logsdb-mode.json"
+ }
+ ],
+ {% else %}
 "component-templates": [
 {
 "name": "track-shared-logsdb-mode",
@@ -228,6 +236,7 @@
 "template-path": "component_template"
 }
 ],
+ {% endif %}
 "composable-templates": [
 {% for integration in p_integration_ratios.keys() %}
 {% if integration == "logs-endpoint" %}
From c8f24479a8750e672a199b875c1b7de8f9efdcfe Mon Sep 17 00:00:00 2001
From: Salvatore Campagna
Date: Wed, 18 Sep 2024 13:52:17 +0200
Subject: [PATCH 03/10] fix: add missing directory
---
 .../component-logsdb/track-shared-logsdb-mode.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 elastic/security/templates/component-logsdb/track-shared-logsdb-mode.json
diff --git a/elastic/security/templates/component-logsdb/track-shared-logsdb-mode.json b/elastic/security/templates/component-logsdb/track-shared-logsdb-mode.json
new file mode 100644
index 00000000..fc100208
--- /dev/null
+++ b/elastic/security/templates/component-logsdb/track-shared-logsdb-mode.json
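Review bot: The new `composable-logsdb/logs-endpoint.alerts.json` is not selected anywhere in this hunk: only the six `logs-endpoint.events.*` entries gain the `index_mode == "logsdb"` switch, and the 24 lines the diffstat reports for `track.json` are all accounted for here. As far as the visible lines show, the alerts stream, which carries the detection alerts, would therefore not be created from the logsdb template when the track runs in that mode. Either add an alerts entry whose `{% if %}` branch uses `"template": "./templates/composable-logsdb/logs-endpoint.alerts.json",`, or drop the unused file. The enclosing list opens and closes outside the hunk.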
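Review bot: In the `index_mode == "logsdb"` branch of the `@@ -92,6 +92,14 @@` hunk the track registers only `track-shared-logsdb-mode`, yet the logsdb composable templates from PATCH 01 also list `logs@mappings`, `logs@settings`, `ecs@mappings`, the `@package` components and the two `.fleet_*` components in `composed_of`. Those must then already exist in the target cluster (the subject line suggests Kibana installs them), so the mappings exercised are whatever that installation provides rather than files pinned in this repository. The precondition deserves a Jinja comment above the branch, e.g. `{# logsdb: all other component templates are expected to be pre-installed by Kibana/Fleet #}`. The `{% else %}` list continues outside this hunk and is closed by the `{% endif %}` added in the next one.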
@@ -0,0 +1,11 @@
+{
+ "template": {
+ "settings": {
+ {% if index_mode %}
+ "index": {
+ "mode": {{ index_mode | tojson }}
+ }
+ {% endif %}
+ }
+ }
+}
From 9b33dae478c6a8f5c133c61337ad949f2789f637 Mon Sep 17 00:00:00 2001
From: Salvatore Campagna
Date: Wed, 18 Sep 2024 13:54:57 +0200
Subject: [PATCH 04/10] fix: use the existing track-shared-logsdb-mode
---
 .../component-logsdb/track-shared-logsdb-mode.json | 11 -----------
 elastic/security/track.json | 2 +-
 2 files changed, 1 insertion(+), 12 deletions(-)
 delete mode 100644 elastic/security/templates/component-logsdb/track-shared-logsdb-mode.json
diff --git a/elastic/security/templates/component-logsdb/track-shared-logsdb-mode.json b/elastic/security/templates/component-logsdb/track-shared-logsdb-mode.json
deleted file mode 100644
index fc100208..00000000
--- a/elastic/security/templates/component-logsdb/track-shared-logsdb-mode.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "template": {
- "settings": {
- {% if index_mode %}
- "index": {
- "mode": {{ index_mode | tojson }}
- }
- {% endif %}
- }
- }
-}
diff --git a/elastic/security/track.json b/elastic/security/track.json
index ce50bdb1..d13099c8 100644
--- a/elastic/security/track.json
+++ b/elastic/security/track.json
@@ -96,7 +96,7 @@
 "component-templates": [
 {
 "name": "track-shared-logsdb-mode",
- "template": "./templates/component-logsdb/track-shared-logsdb-mode.json"
+ "template": "./templates/component/track-shared-logsdb-mode.json"
 }
 ],
 {% else %}
From 4bf7fb22185a21426a896d9a33fe2d3ea45c96e6 Mon Sep 17 00:00:00 2001
From: Salvatore Campagna
Date: Wed, 18 Sep 2024 14:35:57 +0200
Subject: [PATCH 05/10] fix: typo
---
 elastic/security/track.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/elastic/security/track.json b/elastic/security/track.json
index d13099c8..9aa022cd 100644
--- a/elastic/security/track.json
+++ b/elastic/security/track.json
@@ -301,7 +301,7 @@
 "delete-matching-indices": false,
 {% if index_mode == "logsdb" %}
 "template": "./templates/composable-logsdb/logs-endpoint.events.security.json",
- { %else %}
+ {% else %}
 "template": "./templates/composable/logs-endpoint.events.security.json",
 {% endif %}
 "template-path": "index_template"
From 6a83170b82de549c2a897d853cca714618c9f6f0 Mon Sep 17 00:00:00 2001
From: Salvatore Campagna
Date: Wed, 18 Sep 2024 15:37:04 +0200
Subject: [PATCH 06/10] fix: remove ignore_missing_component_template
---
 .../templates/composable-logsdb/logs-endpoint.alerts.json | 5 +----
 .../composable-logsdb/logs-endpoint.events.file.json | 5 +----
 .../composable-logsdb/logs-endpoint.events.library.json | 5 +----
 .../composable-logsdb/logs-endpoint.events.network.json | 5 +----
 .../composable-logsdb/logs-endpoint.events.process.json | 5 +----
 .../composable-logsdb/logs-endpoint.events.registry.json | 5 +----
 .../composable-logsdb/logs-endpoint.events.security.json | 5 +----
 7 files changed, 7 insertions(+), 28 deletions(-)
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json b/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json
index 0a08d96f..516e566d 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json
@@ -40,9 +40,6 @@
 {% if build_flavor != "serverless" %},
 "failure_store": false
 {% endif %}
- },
- "ignore_missing_component_templates": [
- "logs-endpoint.alerts@custom"
- ]
+ }
 }
 }
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
index 3dfa1269..e32b3b7f 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
@@ -40,9 +40,6 @@
 {% if build_flavor != "serverless" %},
 "failure_store": false
 {% endif %}
- },
- "ignore_missing_component_templates": [
- "logs-endpoint.events.file@custom"
- ]
+ }
 }
 }
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json
index 7c1cc3a3..eaa310f1 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json
@@ -40,9 +40,6 @@
 {% if build_flavor != "serverless" %},
 "failure_store": false
 {% endif %}
- },
- "ignore_missing_component_templates": [
- "logs-endpoint.events.library@custom"
- ]
+ }
 }
 }
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json
index caa24462..37ab286c 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json
@@ -40,9 +40,6 @@
 {% if build_flavor != "serverless" %},
 "failure_store": false
 {% endif %}
- },
- "ignore_missing_component_templates": [
- "logs-endpoint.events.network@custom"
- ]
+ }
 }
 }
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json
index fd334b83..2820e7bc 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json
@@ -40,9 +40,6 @@
 {% if build_flavor != "serverless" %},
 "failure_store": false
 {% endif %}
- },
- "ignore_missing_component_templates": [
- "logs-endpoint.events.process@custom"
- ]
+ }
 }
 }
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json
index 17820070..c00aeb2d 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json
@@ -40,9 +40,6 @@
 {% if build_flavor != "serverless" %},
 "failure_store": false
 {% endif %}
- },
- "ignore_missing_component_templates": [
- "logs-endpoint.events.registry@custom"
- ]
+ }
 }
 }
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json
index e999368a..eb18a031 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json
@@ -40,9 +40,6 @@
 {% if build_flavor != "serverless" %},
 "failure_store": false
 {% endif %}
- },
- "ignore_missing_component_templates": [
- "logs-endpoint.events.security@custom"
- ]
+ }
 }
 }
From b44bd172e37cf7e5ed23e8e9a5fe23e517c498be Mon Sep 17 00:00:00 2001
From: Salvatore Campagna
Date: Wed, 18 Sep 2024 16:40:04 +0200
Subject: [PATCH 07/10] fix: remove custom component templates
---
 .../templates/composable-logsdb/logs-endpoint.alerts.json | 1 -
 .../templates/composable-logsdb/logs-endpoint.events.file.json | 1 -
 .../composable-logsdb/logs-endpoint.events.library.json | 1 -
 .../composable-logsdb/logs-endpoint.events.network.json | 1 -
 .../composable-logsdb/logs-endpoint.events.process.json | 1 -
 .../composable-logsdb/logs-endpoint.events.registry.json | 1 -
 .../composable-logsdb/logs-endpoint.events.security.json | 1 -
 7 files changed, 7 deletions(-)
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json b/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json
index 516e566d..e02322c2 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.alerts.json
@@ -20,7 +20,6 @@
 "logs@mappings",
 "logs@settings",
 "logs-endpoint.alerts@package",
- "logs-endpoint.alerts@custom",
 "ecs@mappings",
 ".fleet_globals-1",
 ".fleet_agent_id_verification-1",
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
index e32b3b7f..93498765 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
@@ -20,7 +20,6 @@
 "logs@mappings",
 "logs@settings",
 "logs-endpoint.events.file@package",
- "logs-endpoint.events.file@custom",
 "ecs@mappings",
 ".fleet_globals-1",
 ".fleet_agent_id_verification-1",
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json
index eaa310f1..12a958f9 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.library.json
@@ -20,7 +20,6 @@
 "logs@mappings",
 "logs@settings",
 "logs-endpoint.events.library@package",
- "logs-endpoint.events.library@custom",
 "ecs@mappings",
 ".fleet_globals-1",
 ".fleet_agent_id_verification-1",
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json
index 37ab286c..f5514887 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.network.json
@@ -20,7 +20,6 @@
 "logs@mappings",
 "logs@settings",
 "logs-endpoint.events.network@package",
- "logs-endpoint.events.network@custom",
 "ecs@mappings",
 ".fleet_globals-1",
 ".fleet_agent_id_verification-1",
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json
index 2820e7bc..ebad9d29 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.process.json
@@ -20,7 +20,6 @@
 "logs@mappings",
 "logs@settings",
 "logs-endpoint.events.process@package",
- "logs-endpoint.events.process@custom",
 "ecs@mappings",
 ".fleet_globals-1",
 ".fleet_agent_id_verification-1",
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json
index c00aeb2d..14754e38 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.registry.json
@@ -20,7 +20,6 @@
 "logs@mappings",
 "logs@settings",
 "logs-endpoint.events.registry@package",
- "logs-endpoint.events.registry@custom",
 "ecs@mappings",
 ".fleet_globals-1",
 ".fleet_agent_id_verification-1",
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json
index eb18a031..6c6a61fe 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.security.json
@@ -20,7 +20,6 @@
 "logs@mappings",
 "logs@settings",
 "logs-endpoint.events.security@package",
- "logs-endpoint.events.security@custom",
 "ecs@mappings",
 ".fleet_globals-1",
 ".fleet_agent_id_verification-1",
From 6bfdd20cd79d494c8ab96d9dfc4894dd0a6a2739 Mon Sep 17 00:00:00 2001
From: Salvatore Campagna
Date: Wed, 18 Sep 2024 20:58:58 +0200
Subject: [PATCH 08/10] fix: exclude logs-endpoint.events.file@package for serverless
---
 .../templates/composable-logsdb/logs-endpoint.events.file.json | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
index 93498765..44593779 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
@@ -19,7 +19,9 @@
 "composed_of": [
 "logs@mappings",
 "logs@settings",
+ {% if build_flavor != "serverless" %}
 "logs-endpoint.events.file@package",
+ {% endif %}
 "ecs@mappings",
 ".fleet_globals-1",
 ".fleet_agent_id_verification-1",
From 3082d28c6c698549d43f30bedb2b01fe33401aa3 Mon Sep 17 00:00:00 2001
From: Salvatore Campagna
Date: Thu, 19 Sep 2024 10:08:35 +0200
Subject: [PATCH 09/10] Revert "fix: exclude logs-endpoint.events.file@package for serverless"
This reverts commit 6bfdd20cd79d494c8ab96d9dfc4894dd0a6a2739.
---
 .../templates/composable-logsdb/logs-endpoint.events.file.json | 2 --
 1 file changed, 2 deletions(-)
diff --git a/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json b/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
index 44593779..93498765 100644
--- a/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
+++ b/elastic/security/templates/composable-logsdb/logs-endpoint.events.file.json
@@ -19,9 +19,7 @@ "composed_of": [ "logs@mappings", "logs@settings", - {% if build_flavor != "serverless" %} "logs-endpoint.events.file@package", - {% endif %} "ecs@mappings", ".fleet_globals-1", ".fleet_agent_id_verification-1", From bce84072c540dca92cba6087a96db72da1936885 Mon Sep 17 00:00:00 2001 From: Salvatore Campagna Date: Thu, 19 Sep 2024 12:39:27 +0200 Subject: [PATCH 10/10] fix: document index_mode parameter --- elastic/security/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/elastic/security/README.md b/elastic/security/README.md index 6c4eba32..c1e8d3f2 100644 --- a/elastic/security/README.md +++ b/elastic/security/README.md @@ -83,6 +83,7 @@ The following parameters are available: * `wait_for_status` (default: `green`) - The track creates Data Streams prior to indexing. All created Data Streams must at least reach this status before indexing commences. Reduce to `yellow` for clusters where green isn't possible e.g. single node. * `corpora_uri_base` (default: `https://rally-tracks.elastic.co`) - Specify the base location of the datasets used by this track. +* `index_mode` (default: unset) - A parameter meant to be used internally which defines one of the available indexing modes, "standard", "logsdb" or "time_series". If not set, "standard" is used. ### Data Generation Parameters