21f1f28ab3
Fixes for this patchset: - split out elk-openstack-client.yml to match what's done elsewhere Fixes for patchset #11: - split out filebeat into separate role for openstack clients - update README.md to use elk-openstack-client.yml for this purpose - cleanup filebeat.yml.j2 to use correct syntax (no need for " anymore) Fixes for patchset #10: - add SELinux boolean "httpd_can_network_connect" - add libsemanage-python package dependency for booleans Fixes for patchset #9: - fix for RHEL7 clients, we need to specify remote EPEL rpm - RHEL7 clients need rpm_key module to import EPEL GPG key - switch to using uri module instead of curl for checking elasticsearch indices - add python-httplib2 dependency (needed for uri module) - use curl -XPOST instead of PUT for filebeat index template in elasticsearch Fixes from patchset #7 - remove unneeded rpm usage, switch to yum module - add logic to heapsize tuning so systems > 64G of memory will never exceed the 32G recommended heapsize - logic fix for prepopulating local logs into logstash - remove elasticsearch.yml, rpm provides this and we're not customizing it yet Fixes from patchset #6: - use yum repo Ansible module where we can - remove unecessary EPEL installation (only nginx needs it) - disable EPEL repo after installation to avoid OpenStack breakage This adds: (ELK Server) - Automated ELK stack deployment - SSL client generation - Heap size tuning (1/2 of available memory) - Firewall port additions (depending on active or not) - Supports either firewalld or iptables-services - Additional upstream Filebeat Kibana dashboards (ELK Client) - Sets up filebeat with appropriate SSL certificates - utilizes both hostnames and SubjectAltName support (for environments without DNS services). (Usage) ansible-playbook -i hosts install/elk.yml ansible-playbook -i hosts install/elk-client.yml --extra-vars 'elk_server=X.X.X.X' Change-Id: Iee29f985e0bbcdf706ad869f132d4c0f1593a6b6
50 lines
991 B
JSON
50 lines
991 B
JSON
{
|
|
"mappings": {
|
|
"_default_": {
|
|
"_all": {
|
|
"enabled": true,
|
|
"norms": {
|
|
"enabled": false
|
|
}
|
|
},
|
|
"dynamic_templates": [
|
|
{
|
|
"template1": {
|
|
"mapping": {
|
|
"doc_values": true,
|
|
"ignore_above": 1024,
|
|
"index": "not_analyzed",
|
|
"type": "{dynamic_type}"
|
|
},
|
|
"match": "*"
|
|
}
|
|
}
|
|
],
|
|
"properties": {
|
|
"@timestamp": {
|
|
"type": "date"
|
|
},
|
|
"message": {
|
|
"type": "string",
|
|
"index": "analyzed"
|
|
},
|
|
"offset": {
|
|
"type": "long",
|
|
"doc_values": "true"
|
|
},
|
|
"geoip" : {
|
|
"type" : "object",
|
|
"dynamic": true,
|
|
"properties" : {
|
|
"location" : { "type" : "geo_point" }
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"settings": {
|
|
"index.refresh_interval": "5s"
|
|
},
|
|
"template": "filebeat-*"
|
|
}
|