elasticsearch: enabled: true cluster: env: MINIMUM_MASTER_NODES: "1" master: replicas: 2 client: replicas: 1 data: replicas: 2 kibana: enabled: false logstash: enabled: false filebeat: enabled: true config: output.file.enabled: false output.elasticsearch: enabled: true hosts: ["http://elastic-stack-elasticsearch-client:9200"] filebeat.inputs: - type: log enabled: true paths: - /var/log/*.log - /var/log/messages - /var/log/syslog - type: docker containers.ids: - "*" json.keys_under_root: true json.ignore_decoding_error: true processors: - add_kubernetes_metadata: - drop_event: when: equals: kubernetes.container.name: "filebeat" - decode_json_fields: fields: ["message"] when: equals: kubernetes.container.name: "modsecurity-log" fluentd: enabled: false fluent-bit: enabled: false nginx-ldapauth-proxy: enabled: false elasticsearch-curator: enabled: true configMaps: config_yml: |- --- client: hosts: - elastic-stack-elasticsearch-client port: 9200 action_file_yml: |- --- actions: 1: action: delete_indices description: >- Delete indices older than 30 days (based on index name), for filebeat- prefixed indices. Ignore the error if the filter does not result in an actionable list of indices (ignore_empty_list) and exit cleanly. options: ignore_empty_list: True filters: - filtertype: pattern kind: prefix value: filebeat- - filtertype: age source: name direction: older timestring: '%Y.%m.%d' unit: days unit_count: 30 2: action: delete_indices description: >- Indices created by filebeat 6.7.0 are incompatible with filebeat 7, so they will be deleted. options: ignore_empty_list: True filters: - filtertype: pattern kind: prefix value: filebeat-6.7.0- elasticsearch-exporter: enabled: false