Adding updated templates #148

Merged
merged 1 commit into from
Nov 13, 2024

f-galland
Member

@f-galland f-galland self-assigned this Nov 13, 2024
@f-galland
Member Author

All the indices' mappings seem to be loaded properly:

(env) fede@tyner:~/src/wazuh-indexer/ecs (master)
$ for i in $(ls -1 ~/IdeaProjects/wazuh-indexer-plugins/plugins/setup/src/main/resources/);  do TEMPLATE=${i%.json};  echo ${TEMPLATE};  curl -s http://localhost:9200/_template/"${TEMPLATE}" | jq '."'${TEMPLATE}'".mappings.properties | keys';  done
index-template-agent
[
  "agent"
]
index-template-alerts
[
  "@timestamp",
  "agent",
  "client",
  "cloud",
  "container",
  "data_stream",
  "destination",
  "device",
  "dll",
  "dns",
  "ecs",
  "email",
  "error",
  "event",
  "faas",
  "file",
  "group",
  "host",
  "http",
  "labels",
  "log",
  "message",
  "network",
  "observer",
  "orchestrator",
  "organization",
  "package",
  "process",
  "registry",
  "related",
  "rule",
  "server",
  "service",
  "source",
  "span",
  "threat",
  "tls",
  "trace",
  "transaction",
  "url",
  "user",
  "user_agent",
  "vulnerability"
]
index-template-commands
[
  "agent",
  "command"
]
index-template-fim
[
  "agent",
  "file",
  "host",
  "registry"
]
index-template-hardware
[
  "@timestamp",
  "agent",
  "host",
  "observer"
]
index-template-hotfixes
[
  "@timestamp",
  "agent",
  "host",
  "package"
]
index-template-networks
[
  "@timestamp",
  "agent",
  "host",
  "network",
  "observer"
]
index-template-packages
[
  "@timestamp",
  "agent",
  "host",
  "package"
]
index-template-ports
[
  "@timestamp",
  "agent",
  "destination",
  "device",
  "file",
  "host",
  "network",
  "process",
  "source"
]
index-template-processes
[
  "@timestamp",
  "agent",
  "host",
  "process"
]
index-template-system
[
  "@timestamp",
  "agent",
  "host"
]
index-template-vulnerabilities
[
  "agent",
  "host",
  "package",
  "vulnerability",
  "wazuh"
]

@f-galland f-galland marked this pull request as ready for review November 13, 2024 15:22
@f-galland f-galland requested a review from a team as a code owner November 13, 2024 15:22
Member

@AlexRuiz7 AlexRuiz7 left a comment

LGTM

/_cat/templates?v

name                           index_patterns                      order version composed_of
index-template-alerts          [wazuh-alerts-5.x-*]                0             
index-template-vulnerabilities [wazuh-states-vulnerabilities*]     0             
index-template-commands        [.commands*]                        0             
index-template-hardware        [wazuh-states-inventory-hardware*]  0             
index-template-system          [wazuh-states-inventory-system*]    0             
index-template-hotfixes        [wazuh-states-inventory-hotfixes*]  0             
index-template-ports           [wazuh-states-inventory-ports*]     0             
index-template-packages        [wazuh-states-inventory-packages*]  0             
index-template-agent           [.agents*]                          0             
index-template-networks        [wazuh-states-inventory-networks*]  0             
index-template-fim             [wazuh-states-fim*]                 0             
index-template-processes       [wazuh-states-inventory-processes*] 0             

/_cat/indices/.*?v

health status index     uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .agents   XzpKkFWBRymAwnMh2SbeZg   1   0                                                  
green  open   .commands jto3W0UUQKOyGc1Scz3yIg   1   0                                                  

/_cat/indices?v

health status index                            uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   wazuh-states-inventory-hardware  xDTia8PnRRSLj4kEQvbVSg   1   0                                                  
green  open   wazuh-states-vulnerabilities     N2OQnn6JTc6gkdTwb3xuMQ   1   0                                                  
green  open   wazuh-states-fim                 8WgImOGtRhSlytYVA919Vw   1   0                                                  
green  open   wazuh-alerts-5.x-0001            ctlC2trfS3K2B3DIIQzTkA   1   0                                                  
green  open   wazuh-states-inventory-hotfixes  gLFA2L1YStyF8CciDkLQAA   1   0                                                  
green  open   wazuh-states-inventory-ports     85-vtO07RbmoROpZaUEd7A   1   0                                                  
green  open   wazuh-states-inventory-system    E-Rea-ogSjSie6yOlzBDQA   1   0                                                  
green  open   wazuh-states-inventory-networks  MTyuuRyzRFWPoHPSoUgfuA   1   0                                                  
green  open   wazuh-states-inventory-packages  IAN-7eSJTbyIGQ4prJ1Xdg   1   0                                                  
green  open   wazuh-states-inventory-processes 5BftT0SQQ5SMG9ZbeC-wQQ   1   0                                                  
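
An added example, not part of this pull request or of the review comment above: a cross-check of the two listings, reporting any index that no template pattern matches (such an index would fall back to dynamic mapping) and any template whose pattern matches no index. The rows are copied from the `_cat/templates` and `_cat/indices` output above; the function names are hypothetical, and one pattern per template is assumed, as in every row shown.

```sh
# Added example: rows copied from the _cat/templates and _cat/indices listings above.
# Assumes one index pattern per template, as in every row on this page.
TEMPLATES='index-template-alerts [wazuh-alerts-5.x-*]
index-template-vulnerabilities [wazuh-states-vulnerabilities*]
index-template-commands [.commands*]
index-template-hardware [wazuh-states-inventory-hardware*]
index-template-system [wazuh-states-inventory-system*]
index-template-hotfixes [wazuh-states-inventory-hotfixes*]
index-template-ports [wazuh-states-inventory-ports*]
index-template-packages [wazuh-states-inventory-packages*]
index-template-agent [.agents*]
index-template-networks [wazuh-states-inventory-networks*]
index-template-fim [wazuh-states-fim*]
index-template-processes [wazuh-states-inventory-processes*]'
INDICES='.agents .commands wazuh-states-inventory-hardware
wazuh-states-vulnerabilities wazuh-states-fim wazuh-alerts-5.x-0001
wazuh-states-inventory-hotfixes wazuh-states-inventory-ports
wazuh-states-inventory-system wazuh-states-inventory-networks
wazuh-states-inventory-packages wazuh-states-inventory-processes'

# matches INDEX PATTERN: succeeds when the index name fits the glob pattern.
matches() { case $1 in $2) return 0 ;; esac; return 1; }

# Print each index (from $2) that no template row (in $1) covers.
uncovered_indices() {
  for idx in $2; do
    hit=0
    while read -r name pattern; do
      pattern=${pattern#\[}; pattern=${pattern%\]}   # strip the [ ] from _cat output
      if matches "$idx" "$pattern"; then hit=1; fi
    done <<EOF
$1
EOF
    [ "$hit" -eq 1 ] || printf '%s\n' "$idx"
  done
}

# Print each template (from $1) whose pattern matches none of the indices in $2.
unused_templates() {
  printf '%s\n' "$1" | while read -r name pattern; do
    pattern=${pattern#\[}; pattern=${pattern%\]}
    hit=0
    for idx in $2; do
      if matches "$idx" "$pattern"; then hit=1; fi
    done
    [ "$hit" -eq 1 ] || printf '%s\n' "$name"
  done
}
uncovered_indices "$TEMPLATES" "$INDICES"; unused_templates "$TEMPLATES" "$INDICES"
```

Both calls print nothing for the data on this page, meaning every listed index is covered and every template is in use.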

@AlexRuiz7 AlexRuiz7 merged commit e3248bb into master Nov 13, 2024
@AlexRuiz7 AlexRuiz7 deleted the 147-index-template-refinement-1 branch November 13, 2024 16:49
Successfully merging this pull request may close these issues.

Index templates refinement I