iamhowardtheduck

PUT _index_template/elastic-cloud-logs-8
{
  "version": 1,
  "priority": 1000,
  "template": {
    "settings": {
      "index": {
        "lifecycle": {
          "name": "elastic-cloud-logs",
          "rollover_alias": "elastic-cloud-logs-8"

iamhowardtheduck

clear
echo -e "\n\n\n\n\n\n\n"
if [[ $EUID -eq 0 ]]; then
  echo "This script must NOT be run as \"root\" OR as \"sudo $USER\"; please try again." 1>&2
  exit 1
fi
sudo apt update -y
sudo apt install dialog git -y
#
# BEGIN WELCOME SCREEN & INITIAL UPDATING

iamhowardtheduck

# Comprises of the following and to be installed in this order:
# - Index template for field mapping
# - DevTool command for index creation
# - Ingest pipelines for conditional parsing (1 main and 16 conditional)
# - Logstash pipeline to query Home-Assistant states via an API; use this link to obtain your authorization from your Home-Assistant instance:
# -- https://developers.home-assistant.io/docs/api/rest/ --
# - A lot of blood, sweat, and tears (not really, this was fun!) ☺


### INDEX TEMPLATE ### (updated: 20220928)

iamhowardtheduck

PUT _ingest/pipeline/plex-mediaserver-networkservicebrowser
{
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": [
          "(?<event.name>SSDP departed) (?<event.reason>after not being seen for (?<plex.unseen_seconds>\\d+\\.\\d+) seconds)\\: %{IP:client.ip} \\(%{WORD:client.hostname}\\)",
          "(?<event.name>SSDP departed) (?<event.reason>after not being seen for (?<plex.unseen_seconds>\\d+\\.\\d+) seconds)\\: %{IP:client.ip} \\((?<client.hostname>[^\\s][^\\(]+) \\(%{IP}\\)\\)",
          "(?<event.name>SSDP arrived)\\: %{IP:client.ip} \\(%{WORD:client.hostname}\\)",

iamhowardtheduck

PUT _ingest/pipeline/plex
{
  "processors": [
    {
      "set": {
        "field": "event.module",
        "value": "plex",
        "ignore_failure": true
      }
    },

iamhowardtheduck

{"attributes":{"color":"#06fff7","description":"Weather WMS Feeds: Base radar & warning by county","name":"weather"},"coreMigrationVersion":"7.13.2","id":"a3a75b00-d9c9-11eb-a8e7-7b5dbc36345d","references":[],"type":"tag","updated_at":"2021-06-30T17:36:02.237Z","version":"WzIyMDM0LDNd"}
{"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"85f9ea6f-e4c6-449c-b9a8-c1af318e0afc\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"id\":\"dark_map\",\"isAutoSelect\":false},\"id\":\"d2d55941-1943-4ab9-b19a-c5b80b1dcc89\",\"label\":\"Road map - Dark\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"WMS\",\"serviceUrl\":\"https://idpgis.ncep.noaa.gov/arcgis/services/NWS_Forecasts_Guidance_Warnings/watch_warn_adv/MapServer/WMS

iamhowardtheduck

PUT _ingest/pipeline/plex
{
  "processors": [
    {
      "set": {
        "field": "event.module",
        "value": "plex",
        "ignore_failure": true
      }
    },

iamhowardtheduck

PUT _ingest/pipeline/fail2ban-ecs
{
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": [
          "%{SYSLOGTIMESTAMP:timestamp} %{WORD:host.name} %{GREEDYDATA:message}"
        ],
        "ignore_missing": true,

iamhowardtheduck

PUT _ingest/pipeline/RDK-searchResults-Raw
{
  "version": 1,
  "processors": [
    {
      "kv": {
        "field": "Report",
        "field_split": ",\\{",
        "value_split": ":",
        "strip_brackets": true,

iamhowardtheduck

PUT _ingest/pipeline/moloch-ecs
{
  "description": "Ingest Moloch indices in ECS format.",
  "processors": [
    {
      "rename": {
        "field": "dstIp",
        "target_field": "destination.ip",
        "description": "DESTINATION IP",
        "ignore_missing": true,