diff --git a/templates b/templates index 7da9969..06640b4 100644 --- a/templates +++ b/templates @@ -7,3 +7,191 @@ PUT _index_template/stackmonitoring PUT _index_template/stackmonitoring-index {"index_patterns":["stackmonitoring-index"],"template":{"settings":{"index.routing.allocation.include._tier_preference":"data_hot","index.lifecycle.name":"smng"}},"data_stream":{},"composed_of":["smng_fields"]} + +# ILM Policy for data lifecycle management +PUT _ilm/policy/ilm_data_policy +{ + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_age": "1d", + "max_size": "50GB", + "max_docs": 10000000 + }, + "set_priority": { + "priority": 100 + } + } + }, + "warm": { + "min_age": "1d", + "actions": { + "set_priority": { + "priority": 50 + }, + "allocate": { + "number_of_replicas": 0 + } + } + }, + "cold": { + "min_age": "7d", + "actions": { + "set_priority": { + "priority": 0 + } + } + }, + "delete": { + "min_age": "30d", + "actions": { + "delete": {} + } + } + } + } +} + +# Component template for ILM data fields +PUT _component_template/ilm_data_fields +{ + "template": { + "mappings": { + "dynamic_templates": [ + { + "match_timestamp": { + "match": "timestamp", + "match_mapping_type": "long", + "mapping": { + "type": "date" + } + } + }, + { + "match_message": { + "match": "message", + "match_mapping_type": "string", + "mapping": { + "type": "match_only_text" + } + } + }, + { + "strings_as_keyword": { + "match_mapping_type": "string", + "mapping": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "log_level": { + "type": "keyword" + }, + "service": { + "type": "keyword" + }, + "environment": { + "type": "keyword" + }, + "host": { + "properties": { + "name": { + "type": "keyword" + }, + "ip": { + "type": "ip", + "ignore_malformed": true + } + } + }, + "message": { + "type": "text", + "fields": { + "keyword": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "tags": { + "type": "keyword" + } + } + }, + "settings": { + "index.number_of_shards": 1, + "index.number_of_replicas": 1, + "index.refresh_interval": "5s" + } + } +} + +# Index template for ILM data +PUT _index_template/stackmonitoring-ilm +{ + "index_patterns": ["stackmonitoring-ilm"], + "template": { + "settings": { + "index.routing.allocation.include._tier_preference": "data_hot", + "index.lifecycle.name": "ilm_data_policy", + "index.codec": "best_compression" + } + }, + "data_stream": {}, + "composed_of": ["smng_fields"], + "priority": 200 +} + +# Index template for Elasticsearch API stats +PUT _index_template/stackmonitoring-elasticsearch-api +{ + "index_patterns": ["stackmonitoring-elasticsearch-api"], + "template": { + "settings": { + "index.routing.allocation.include._tier_preference": "data_hot", + "index.lifecycle.name": "smng" + } + }, + "data_stream": {}, + "composed_of": ["smng_fields"], + "priority": 200 +} + +# Index template for Kibana API stats +PUT _index_template/stackmonitoring-kibana-api +{ + "index_patterns": ["stackmonitoring-kibana-api"], + "template": { + "settings": { + "index.routing.allocation.include._tier_preference": "data_hot", + "index.lifecycle.name": "smng" + } + }, + "data_stream": {}, + "composed_of": ["smng_fields"], + "priority": 200 +} + +# Index template for Logstash API stats +PUT _index_template/stackmonitoring-logstash-api +{ + "index_patterns": ["stackmonitoring-logstash-api"], + "template": { + "settings": { + "index.routing.allocation.include._tier_preference": "data_hot", + "index.lifecycle.name": "smng" + } + }, + "data_stream": {}, + "composed_of": ["smng_fields"], + "priority": 200 +}