allow splitting out indexes by event.provider #450

Open
mmguero opened this issue Mar 19, 2024 · 0 comments
Labels
elastic: Related to issue with external ElasticSearch/Kibana output
enhancement: New feature or request
logstash: Relating to Malcolm's use of Logstash
opensearch: Relating to Malcolm's use of OpenSearch
performance: Related to speed/performance
Milestone

Comments

@mmguero (Collaborator)

mmguero commented Mar 19, 2024

As of release v24.01.0, the MALCOLM_NETWORK_INDEX_PATTERN and MALCOLM_NETWORK_INDEX_SUFFIX environment variables allow splitting out Suricata and Zeek to a different index pattern from the one Arkime creates.

It may be useful to add another replacer to the pattern definable in either one or the other of these variables (probably the suffix?) to further allow it to be split out based on the event.provider variable (suricata vs. zeek, etc.).
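A sketch of how such a replacer could be resolved per event, added here as an example and not Malcolm's own code: the token name `%{event.provider}`, the allow-list of providers, and the assumption that the pattern's trailing `*` is replaced by the expanded suffix are all hypothetical. It also shows the check a practitioner would want: because event.provider is taken from the log data itself, the value is sanitised and allow-listed before it becomes part of an index name.

```python
import re

# Constructed sample events (not from Malcolm); only the fields used here.
SAMPLE_EVENTS = [
    {"event": {"provider": "zeek"}, "@timestamp": "2024-03-19T10:00:00Z"},
    {"event": {"provider": "suricata"}, "@timestamp": "2024-03-19T10:00:01Z"},
    {"event": {"provider": "Zeek/Extra"}, "@timestamp": "2024-03-19T10:00:02Z"},
    {"@timestamp": "2024-03-19T10:00:03Z"},  # no event.provider at all
]

PROVIDER_TOKEN = "%{event.provider}"   # hypothetical replacer token
DEFAULT_PROVIDER = "unknown"           # used when the field is absent
KNOWN_PROVIDERS = {"zeek", "suricata", "arkime"}  # assumed allow-list


def sanitize_index_part(value: str) -> str:
    """Make a field value safe for an OpenSearch/Elasticsearch index name:
    lowercase, none of \\ / * ? " < > | , # space :, and no leading - _ +."""
    value = value.lower()
    value = re.sub(r'[\\/*?"<>|,# :]', "_", value)
    value = value.lstrip("-_+")
    return value or DEFAULT_PROVIDER


def provider_for(event: dict) -> str:
    """Return the provider bucket an event belongs in."""
    provider = event.get("event", {}).get("provider")
    if not provider:
        return DEFAULT_PROVIDER
    cleaned = sanitize_index_part(str(provider))
    # Allow-list: an unrecognised value is bucketed as "other", so a log
    # source cannot create arbitrary indices by supplying a crafted provider.
    return cleaned if cleaned in KNOWN_PROVIDERS else "other"


def resolve_index(pattern: str, suffix: str, event: dict) -> str:
    """Expand the token in the suffix and append it to the pattern base."""
    base = pattern[:-1] if pattern.endswith("*") else pattern
    return base + suffix.replace(PROVIDER_TOKEN, provider_for(event))


def index_names(pattern: str, suffix: str, events: list) -> list:
    """Resolve an index name for every event (order preserved)."""
    return [resolve_index(pattern, suffix, e) for e in events]


if __name__ == "__main__":
    for name in index_names("arkime_sessions3-*", PROVIDER_TOKEN + "-240319", SAMPLE_EVENTS):
        print(name)
```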

@mmguero mmguero added the enhancement, opensearch, logstash, performance and elastic labels Mar 19, 2024
@mmguero mmguero added this to the v24.03.1 milestone Mar 19, 2024
@mmguero mmguero self-assigned this Mar 19, 2024
@mmguero mmguero modified the milestones: v24.03.1, v24.04.0 Mar 19, 2024
@mmguero mmguero removed their assignment Mar 27, 2024
@mmguero mmguero added the falcon label Apr 2, 2024
@mmguero mmguero modified the milestones: v24.04.0, v24.05.0 Apr 8, 2024
@mmguero mmguero removed the falcon label May 7, 2024
@mmguero mmguero modified the milestones: v24.05.0, v24.06.0 May 13, 2024
Projects
Status: Todo (develop)
Development

No branches or pull requests

1 participant