bump Logstash stask size to 2048k and make zeek.dns.trans_id an integer

mmguero-dev · Nov 22, 2024 · e7ccc0e · e7ccc0e
1 parent 14f568c
commit e7ccc0e
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/arkime/etc/config.ini b/arkime/etc/config.ini
@@ -399,7 +399,7 @@ zeek.dnp3_objects.range_high=db:zeek.dnp3_objects.range_high;group:zeek_dnp3;kin
 
 # dns.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/dns/main.zeek.html#type-DNS::Info
-zeek.dns.trans_id=db:zeek.dns.trans_id;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Transaction ID;help:Transaction ID
+zeek.dns.trans_id=db:zeek.dns.trans_id;group:zeek_dns;kind:integer;viewerOnly:true;friendly:Transaction ID;help:Transaction ID
 zeek.dns.rtt=db:zeek.dns.rtt;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Round Trip Time;help:Round Trip Time
 zeek.dns.query=db:zeek.dns.query;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Query;help:Query
 zeek.dns.qclass=db:zeek.dns.qclass;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Query Class Code;help:Query Class Code

diff --git a/config/logstash.env.example b/config/logstash.env.example
@@ -14,4 +14,4 @@ LOGSTASH_NETBOX_ENRICHMENT_DATASETS=suricata.alert,zeek.conn,zeek.dhcp,zeek.dns,
 # Zeek log types that will be ignored (dropped) by LogStash
 LOGSTASH_ZEEK_IGNORED_LOGS=analyzer,broker,cluster,config,loaded_scripts,packet_filter,png,print,prof,reporter,stderr,stdout
 # Logstash memory allowance and other Java options
-LS_JAVA_OPTS=-server -Xmx2500m -Xms2500m -Xss1536k -XX:-HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom -Dlog4j.formatMsgNoLookups=true -Dlogstash.pipelinebus.implementation=v1
+LS_JAVA_OPTS=-server -Xmx2500m -Xms2500m -Xss2048k -XX:-HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom -Dlog4j.formatMsgNoLookups=true -Dlogstash.pipelinebus.implementation=v1
diff --git a/dashboards/templates/composable/component/zeek.json b/dashboards/templates/composable/component/zeek.json
@@ -66,7 +66,7 @@
         "zeek.dns.rejected": { "type": "keyword" },
         "zeek.dns.rtt": { "type": "float" },
         "zeek.dns.TC": { "type": "keyword" },
-        "zeek.dns.trans_id": { "type": "keyword" },
+        "zeek.dns.trans_id": { "type": "integer" },
         "zeek.dns.TTLs": { "type": "float" },
         "zeek.dns.Z": { "type": "keyword" },
         "zeek.dpd.failure_reason": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },

diff --git a/scripts/install.py b/scripts/install.py
@@ -107,7 +107,7 @@
 
 BACK_LABEL = 'Go Back'
 
-LOGSTASH_JAVA_OPTS_DEFAULT = '-server -Xmx2500m -Xms2500m -Xss1536k -XX:-HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom -Dlog4j.formatMsgNoLookups=true'
+LOGSTASH_JAVA_OPTS_DEFAULT = '-server -Xmx2500m -Xms2500m -Xss2048k -XX:-HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom -Dlog4j.formatMsgNoLookups=true'
 OPENSEARCH_JAVA_OPTS_DEFAULT = '-server -Xmx10g -Xms10g -Xss256k -XX:-HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom -Dlog4j.formatMsgNoLookups=true'
 
 ###################################################################################################