From 20f915f649ba5749d839fdb12628fa060a219420 Mon Sep 17 00:00:00 2001
From: Corey Ogburn <corey.ogburn@securityonionsolutions.com>
Date: Thu, 25 Jul 2024 12:53:04 -0600
Subject: [PATCH] so-detection refresh_interval => 1s

Speeds up the refresh_interval so bulk indexing a single rule does not wait 30s.
---
 salt/elasticsearch/defaults.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 36d673d70..36f44ac07 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -296,7 +296,7 @@ elasticsearch:
                   limit: 1500
               number_of_replicas: 0
               number_of_shards: 1
-              refresh_interval: 30s
+              refresh_interval: 1s
               sort:
                 field: '@timestamp'
                 order: desc