disable replicas for .kibana and elastalert indices

Security-Onion-Solutions · Feb 1, 2018 · eb68c4a · eb68c4a
1 parent c5f68c4
commit eb68c4a
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 5 deletions.
diff --git a/usr/sbin/so-elastic-configure-elastalert b/usr/sbin/so-elastic-configure-elastalert
@@ -8,11 +8,15 @@ if [ ${ELASTALERT_ENABLED} = "yes" ]; then
 
 	header "Configuring ElastAlert"
 
-# commenting out for now
-#	if ! curl -s -XGET http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/${ELASTALERT_INDEX} | grep -q "no such index"; then
-#		curl -s -XDELETE http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/${ELASTALERT_INDEX}
-#	fi
-#	curl -s -XPUT http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/elastalert -H'Content-Type: application/json' -d'{"index_patterns" : "elastalert*", "settings": { "number_of_shards" : 1, "number_of_replicas" : 0 }, "mappings" : { "search": {"properties": {"hits": {"type": "integer"}, "version": {"type": "integer"}, "match_body.source_ip": {"type": "ip"}, "match_body.destination_ip": {"type": "ip"}}}}}' > /dev/null && echo && echo "Template configured for ElastAlert." && echo "Done!"
+	# commenting out for now
+	#if ! curl -s -XGET http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/${ELASTALERT_INDEX} | grep -q "no such index"; then
+	#	curl -s -XDELETE http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/${ELASTALERT_INDEX}
+	#fi
+	#curl -s -XPUT http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/elastalert -H'Content-Type: application/json' -d'{"index_patterns" : "elastalert*", "settings": { "number_of_shards" : 1, "number_of_replicas" : 0 }, "mappings" : { "search": {"properties": {"hits": {"type": "integer"}, "version": {"type": "integer"}, "match_body.source_ip": {"type": "ip"}, "match_body.destination_ip": {"type": "ip"}}}}}' > /dev/null && echo && echo "Template configured for ElastAlert." && echo "Done!"
+
+        curl -s -XPUT "${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/elastalert*/_settings" \
+             -H 'Content-Type: application/json' \
+             -d'{"index" : {"number_of_replicas" : 0}}'
 
 else
 	echo "ElastAlert disabled, so not configuring..."

diff --git a/usr/sbin/so-elastic-configure-kibana-config b/usr/sbin/so-elastic-configure-kibana-config
@@ -85,6 +85,10 @@ else
 	     -d'{"index_patterns" : ".kibana", "settings": { "number_of_shards" : 1, "number_of_replicas" : 0 }, "mappings" : { "search": {"properties": {"hits": {"type": "integer"}, "version": {"type": "integer"}}}}}'
 	echo
 
+	curl -s -XPUT "${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/.kibana/_settings" \
+	     -H 'Content-Type: application/json' \
+	     -d'{"index" : {"number_of_replicas" : 0}}'
+
 	# Finally, update KIBANA_VERSION in securityonion.conf to reflect the current Kibana version
 	echo
 	echo "Updating /etc/nsm/securityonion.conf with correct Kibana version ($KIBANA_VERSION)..."