CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add index lifecycle management policy definitions for default Elastic Agent data streams

Browse Source
This commit is contained in:
weslambert
2023-03-10 16:54:47 -05:00
committed by GitHub
parent 2fe8668f1b
commit 16d9478196
1 changed files with 209 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

209
salt/elasticsearch/defaults.yaml
View File

@@ -84,6 +84,25 @@ elasticsearch:
- "so-fleet_globals-1" - "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1" - "so-fleet_agent_id_verification-1"
priority: 200 priority: 200
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta: _meta:
package: package:
name: elastic_agent name: elastic_agent
@@ -119,6 +138,25 @@ elasticsearch:
- "so-fleet_globals-1" - "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1" - "so-fleet_agent_id_verification-1"
priority: 200 priority: 200
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta: _meta:
package: package:
name: elastic_agent name: elastic_agent
@@ -154,6 +192,25 @@ elasticsearch:
- "so-fleet_globals-1" - "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1" - "so-fleet_agent_id_verification-1"
priority: 200 priority: 200
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta: _meta:
package: package:
name: elastic_agent name: elastic_agent
@@ -189,6 +246,25 @@ elasticsearch:
- "so-fleet_globals-1" - "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1" - "so-fleet_agent_id_verification-1"
priority: 200 priority: 200
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta: _meta:
package: package:
name: elastic_agent name: elastic_agent
@@ -224,6 +300,25 @@ elasticsearch:
- "so-fleet_globals-1" - "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1" - "so-fleet_agent_id_verification-1"
priority: 200 priority: 200
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta: _meta:
package: package:
name: elastic_agent name: elastic_agent
@@ -259,6 +354,25 @@ elasticsearch:
- "so-fleet_globals-1" - "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1" - "so-fleet_agent_id_verification-1"
priority: 200 priority: 200
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta: _meta:
package: package:
name: elastic_agent name: elastic_agent
@@ -294,6 +408,25 @@ elasticsearch:
- "so-fleet_globals-1" - "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1" - "so-fleet_agent_id_verification-1"
priority: 200 priority: 200
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta: _meta:
package: package:
name: elastic_agent name: elastic_agent
@@ -329,6 +462,25 @@ elasticsearch:
- "so-fleet_globals-1" - "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1" - "so-fleet_agent_id_verification-1"
priority: 200 priority: 200
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta: _meta:
package: package:
name: elastic_agent name: elastic_agent
@@ -364,6 +516,25 @@ elasticsearch:
- "so-fleet_globals-1" - "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1" - "so-fleet_agent_id_verification-1"
priority: 200 priority: 200
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta: _meta:
package: package:
name: elastic_agent name: elastic_agent
@@ -399,6 +570,25 @@ elasticsearch:
- "so-fleet_globals-1" - "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1" - "so-fleet_agent_id_verification-1"
priority: 200 priority: 200
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta: _meta:
package: package:
name: elastic_agent name: elastic_agent
@@ -434,6 +624,25 @@ elasticsearch:
- "so-fleet_globals-1" - "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1" - "so-fleet_agent_id_verification-1"
priority: 200 priority: 200
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta: _meta:
package: package:
name: elastic_agent name: elastic_agent