diff --git a/dev/package-examples/base-1.0.0/elasticsearch/ilm-policy/events-default.json b/dev/package-examples/base-1.0.0/elasticsearch/ilm-policy/events-default.json new file mode 100644 index 000000000..26115b3a3 --- /dev/null +++ b/dev/package-examples/base-1.0.0/elasticsearch/ilm-policy/events-default.json @@ -0,0 +1,15 @@ +{ + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_size": "50gb", + "max_age": "30d" + } + } + } + } + } +} diff --git a/dev/package-examples/base-1.0.0/elasticsearch/index-template/events-mapping.json b/dev/package-examples/base-1.0.0/elasticsearch/index-template/events-mapping.json new file mode 100644 index 000000000..92f037d52 --- /dev/null +++ b/dev/package-examples/base-1.0.0/elasticsearch/index-template/events-mapping.json @@ -0,0 +1,134 @@ +{ + "order": 1, + "index_patterns": [ + "events-*-*" + ], + "mappings": { + "_meta": { + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "date_detection": false, + "properties": { + "agent": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "message": { + "type": "text" + } + } + }, + "aliases": {} +} diff --git a/dev/package-examples/base-1.0.0/elasticsearch/index-template/events-settings.json b/dev/package-examples/base-1.0.0/elasticsearch/index-template/events-settings.json new file mode 100644 index 000000000..468983779 --- /dev/null +++ b/dev/package-examples/base-1.0.0/elasticsearch/index-template/events-settings.json @@ -0,0 +1,24 @@ +{ + "order": 1, + "index_patterns": [ + "events-*-*" + ], + "settings": { + "index": { + "lifecycle": { + "name": "events-default", + "rollover_alias": "events-generic-default" + }, + "codec": "best_compression", + "refresh_interval": "5s", + "number_of_shards": "1", + "query": { + "default_field": [ + "message" + ] + }, + "number_of_routing_shards": "30" + } + }, + "aliases": {} +}