846a90d025
At present we're collecting too much info by default. We're seeing +500GB on a <50 node environment in just two weeks. While we dont expect the data set to grow much larger given the use of curator, this change lowers the default collection intervals of the various beats and updates the retention / detection policies so we're not storing too much information. To correct a unicode problem with py2 the host index loops have been updated. Curator has also been updated to run everyday. Change-Id: Ic202eb19806d1b805fa314d3d8bde05b286740e0 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
82 lines
2.7 KiB
Django/Jinja
82 lines
2.7 KiB
Django/Jinja
{% set IP_ARR=[] %}
|
|
{% for host in groups['elastic-logstash'] %}
|
|
{% set _ = IP_ARR.insert(loop.index, ((hostvars[host]['ansible_host'] | string) + ":" + (logstash_beat_input_port | string))) %}
|
|
{% endfor %}
|
|
output.logstash:
|
|
# Boolean flag to enable or disable the output module.
|
|
enabled: true
|
|
|
|
# The Logstash hosts
|
|
hosts: {{ IP_ARR | to_json }}
|
|
|
|
# Number of workers per Logstash host.
|
|
#worker: 1
|
|
|
|
# Set gzip compression level.
|
|
#compression_level: 3
|
|
|
|
# Optional maximum time to live for a connection to Logstash, after which the
|
|
# connection will be re-established. A value of `0s` (the default) will
|
|
# disable this feature.
|
|
#
|
|
# Not yet supported for async connections (i.e. with the "pipelining" option set)
|
|
#ttl: 30s
|
|
|
|
# Optional load balance the events between the Logstash hosts. Default is false.
|
|
loadbalance: true
|
|
|
|
# Number of batches to be sent asynchronously to logstash while processing
|
|
# new batches.
|
|
#pipelining: 2
|
|
|
|
# If enabled only a subset of events in a batch of events is transferred per
|
|
# transaction. The number of events to be sent increases up to `bulk_max_size`
|
|
# if no error is encountered.
|
|
#slow_start: false
|
|
|
|
# Optional index name. The default index name is set to heartbeat
|
|
# in all lowercase.
|
|
#index: 'heartbeat'
|
|
|
|
# SOCKS5 proxy server URL
|
|
#proxy_url: socks5://user:password@socks5-server:2233
|
|
|
|
# Resolve names locally when using a proxy server. Defaults to false.
|
|
#proxy_use_local_resolver: false
|
|
|
|
# Enable SSL support. SSL is automatically enabled, if any SSL setting is set.
|
|
#ssl.enabled: true
|
|
|
|
# Configure SSL verification mode. If `none` is configured, all server hosts
|
|
# and certificates will be accepted. In this mode, SSL based connections are
|
|
# susceptible to man-in-the-middle attacks. Use only for testing. Default is
|
|
# `full`.
|
|
#ssl.verification_mode: full
|
|
|
|
# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
|
|
# 1.2 are enabled.
|
|
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
|
|
|
|
# Optional SSL configuration options. SSL is off by default.
|
|
# List of root certificates for HTTPS server verifications
|
|
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
|
|
|
|
# Certificate for SSL client authentication
|
|
#ssl.certificate: "/etc/pki/client/cert.pem"
|
|
|
|
# Client Certificate Key
|
|
#ssl.key: "/etc/pki/client/cert.key"
|
|
|
|
# Optional passphrase for decrypting the Certificate Key.
|
|
#ssl.key_passphrase: ''
|
|
|
|
# Configure cipher suites to be used for SSL connections
|
|
#ssl.cipher_suites: []
|
|
|
|
# Configure curve types for ECDHE based cipher suites
|
|
#ssl.curve_types: []
|
|
|
|
# Configure what types of renegotiation are supported. Valid options are
|
|
# never, once, and freely. Default is never.
|
|
#ssl.renegotiation: never
|