Implement the creation of the Packages index template and index (#59)

* Add wazuh-states-packages template * Create packages index template upon plugin load
wazuh · Sep 13, 2024 · de31ddf · de31ddf
1 parent 628d7a2
commit de31ddf
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 0 deletions.
diff --git a/plugins/wazuh-indexer-setup/src/main/java/org/wazuh/setup/index/WazuhIndices.java b/plugins/wazuh-indexer-setup/src/main/java/org/wazuh/setup/index/WazuhIndices.java
@@ -51,6 +51,7 @@ public WazuhIndices(Client client, ClusterService clusterService) {
         // Create Index Templates - Indices map
         this.indexTemplates.put("index-template-agent", ".agents");
         this.indexTemplates.put("index-template-alerts", "wazuh-alerts-5.x-0001");
+        this.indexTemplates.put("index-template-packages", "wazuh-states-inventory-packages");
     }
 
     /**

diff --git a/plugins/wazuh-indexer-setup/src/main/resources/index-template-packages.json b/plugins/wazuh-indexer-setup/src/main/resources/index-template-packages.json
@@ -0,0 +1,76 @@
+{
+  "index_patterns": [
+    "wazuh-states-inventory-packages*"
+  ],
+  "mappings": {
+    "date_detection": false,
+    "dynamic": "strict",
+    "properties": {
+      "@timestamp": {
+        "type": "date"
+      },
+      "agent": {
+        "properties": {
+          "groups": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
+          "id": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          }
+        }
+      },
+      "package": {
+        "properties": {
+          "architecture": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
+          "description": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
+          "installed": {
+            "type": "date"
+          },
+          "name": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
+          "path": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
+          "size": {
+            "type": "long"
+          },
+          "type": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
+          "version": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          }
+        }
+      }
+    }
+  },
+  "order": 1,
+  "settings": {
+    "index": {
+      "number_of_replicas": "0",
+      "number_of_shards": "1",
+      "query.default_field": [
+        "agent.id",
+        "agent.groups",
+        "package.architecture",
+        "package.name",
+        "package.version",
+        "package.type"
+      ],
+      "refresh_interval": "5s"
+    }
+  }
+}