Closed f-galland closed 1 month ago
The index and its template get created on cluster startup:
fede@tyner:~/IdeaProjects/wazuh-indexer-plugins/plugins/command-manager (122-initialize-commands-index)
$ curl http://localhost:9200/_cat/indices/.commands
green open .commands wk1RXJRZQmqWCcu4AvcpfA 1 0 0 0 208b 208b
fede@tyner:~/IdeaProjects/wazuh-indexer-plugins/plugins/command-manager (122-initialize-commands-index)
$ curl http://localhost:9200/_cat/templates
index-template-alerts [wazuh-alerts-5.x-*] 0
index-template-vulnerabilities [wazuh-states-vulnerabilities*] 0
index-template-commands [.commands*] 0
index-template-system [wazuh-states-inventory-system*] 0
index-template-packages [wazuh-states-inventory-packages*] 0
index-template-agent [.agents*] 0
index-template-fim [wazuh-states-fim*] 0
index-template-processes [wazuh-states-inventory-processes*] 0
fede@tyner:~/IdeaProjects/wazuh-indexer-plugins/plugins/command-manager (122-initialize-commands-index)
$ curl http://localhost:9200/_template/index-template-commands?pretty
{
  "index-template-commands" : {
    "order" : 0,
    "index_patterns" : [
      ".commands*"
    ],
    "settings" : {
      "index" : {
        "refresh_interval" : "5s",
        "hidden" : "true",
        "number_of_shards" : "1",
        "number_of_replicas" : "0",
        "query" : {
          "default_field" : [
            "command.source",
            "command.target.type",
            "command.status",
            "command.action.name"
          ]
        }
      }
    },
    "mappings" : {
      "dynamic" : "strict",
      "date_detection" : false,
      "properties" : {
        "agent" : {
          "properties" : {
            "groups" : {
              "ignore_above" : 1024,
              "type" : "keyword"
            }
          }
        },
        "command" : {
          "properties" : {
            "result" : {
              "properties" : {
                "code" : {
                  "type" : "short"
                },
                "data" : {
                  "ignore_above" : 1024,
                  "type" : "keyword"
                },
                "message" : {
                  "ignore_above" : 1024,
                  "type" : "keyword"
                }
              }
            },
            "action" : {
              "properties" : {
                "args" : {
                  "ignore_above" : 1024,
                  "type" : "keyword"
                },
                "name" : {
                  "ignore_above" : 1024,
                  "type" : "keyword"
                },
                "version" : {
                  "ignore_above" : 1024,
                  "type" : "keyword"
                }
              }
            },
            "source" : {
              "ignore_above" : 1024,
              "type" : "keyword"
            },
            "order_id" : {
              "ignore_above" : 1024,
              "type" : "keyword"
            },
            "request_id" : {
              "ignore_above" : 1024,
              "type" : "keyword"
            },
            "user" : {
              "ignore_above" : 1024,
              "type" : "keyword"
            },
            "timeout" : {
              "type" : "short"
            },
            "status" : {
              "ignore_above" : 1024,
              "type" : "keyword"
            },
            "target" : {
              "properties" : {
                "id" : {
                  "ignore_above" : 1024,
                  "type" : "keyword"
                },
                "type" : {
                  "ignore_above" : 1024,
                  "type" : "keyword"
                }
              }
            }
          }
        }
      }
    },
    "aliases" : { }
  }
}
Description
This PR adds the .commands index and its associated template to the setup plugin's initialization logic, so that the index gets created and the template applied upon cluster initialization.
Issues Resolved
Resolves #122
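The template output above sets "dynamic" : "strict", uses short for command.timeout and command.result.code, and puts ignore_above 1024 on every keyword field. As an added example (not part of this PR or the plugin's code), the following Python checks a document against that mapping offline and reports what the indexer would reject and what would be stored but left unsearchable. The check function and both sample documents are constructed for illustration; it assumes nested-object documents without dotted keys and does not model coercion of numeric strings.

```python
SHORT_MIN, SHORT_MAX = -32768, 32767  # range of the "short" field type

KW = {"type": "keyword", "ignore_above": 1024}
SHORT = {"type": "short"}
# Field tree transcribed from the index-template-commands output above.
MAPPING = {
    "agent": {"properties": {"groups": KW}},
    "command": {"properties": {
        "result": {"properties": {"code": SHORT, "data": KW, "message": KW}},
        "action": {"properties": {"args": KW, "name": KW, "version": KW}},
        "source": KW, "order_id": KW, "request_id": KW, "user": KW,
        "timeout": SHORT, "status": KW,
        "target": {"properties": {"id": KW, "type": KW}},
    }},
}

def check(doc, props=MAPPING, path=""):
    """Return (severity, field, reason) findings for one document."""
    findings = []
    for key, value in doc.items():
        field = path + key
        spec = props.get(key)
        if spec is None:
            # "dynamic": "strict" makes the indexer reject the whole document.
            findings.append(("reject", field, "not declared in strict mapping"))
            continue
        for item in value if isinstance(value, list) else [value]:
            if item is None:
                continue  # explicit nulls are accepted and simply not indexed
            if "properties" in spec:
                if isinstance(item, dict):
                    findings += check(item, spec["properties"], field + ".")
                else:
                    findings.append(("reject", field, "object expected"))
            elif spec["type"] == "short":
                if isinstance(item, int) and not SHORT_MIN <= item <= SHORT_MAX:
                    findings.append(("reject", field, "outside short range"))
            elif len(str(item)) > spec["ignore_above"]:
                # Value stays in _source but is not indexed, so searches miss it.
                findings.append(("warn", field, "exceeds ignore_above"))
    return findings

# Constructed sample documents (values are illustrative, not from the PR).
GOOD = {"agent": {"groups": ["default"]},
        "command": {"user": "admin", "timeout": 30, "status": "pending",
                    "target": {"id": "001", "type": "agent"},
                    "action": {"name": "restart", "args": ["--now"]}}}
BAD = {"command": {"timeout": 100000, "priority": "high",
                   "action": {"name": "run", "args": ["A" * 2000]}}}
```

The "warn" case matters for auditing: a command.action.args value longer than 1024 characters is accepted and kept in _source, but a query on that field will not match it.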