Merge pull request #9579 from Security-Onion-Solutions/fix/elasticsearch_templates_so-ids

Remove so-ids since the data stream is now 'logs-suricata-*'
2025-12-06 17:22:49 +01:00 · 2023-01-13 16:17:38 -05:00
parent 3e5127810d ca80548bf0
commit 1723f58c04
1 changed files with 1 additions and 1 deletions
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1075,7 +1075,7 @@ elasticsearch_pillar() {
        "        bool:"\
        "          max_clause_count: 3500"\
 		"  index_settings:"\ > $elasticsearch_pillar_file
-		for INDEX in aws azure barracuda beats bluecoat cef checkpoint cisco cyberark cylance elasticsearch endgame f5 firewall fortinet gcp google_workspace ids imperva infoblox juniper kibana logstash microsoft misp netflow netscout o365 okta osquery proofpoint radware redis snort snyk sonicwall sophos strelka syslog tomcat zeek zscaler
+		for INDEX in aws azure barracuda beats bluecoat cef checkpoint cisco cyberark cylance elasticsearch endgame f5 firewall fortinet gcp google_workspace imperva infoblox juniper kibana logstash microsoft misp netflow netscout o365 okta osquery proofpoint radware redis snort snyk sonicwall sophos strelka syslog tomcat zeek zscaler
 		do
 			printf '%s\n'\
 				"    so-$INDEX:"\