Merge pull request #3536 from Security-Onion-Solutions/kilo

Refresh fieldcaps every 5 minutes

salt/soc/files/soc/soc.json

@@ -10,6 +10,7 @@
 {%- set WEBSOCKET_TIMEOUT = salt['pillar.get']('sensoroni:websocket_timeout_ms', 0) %}
 {%- set TIP_TIMEOUT = salt['pillar.get']('sensoroni:tip_timeout_ms', 0) %}
 {%- set CACHE_EXPIRATION = salt['pillar.get']('sensoroni:cache_expiration_ms', 0) %}
+{%- set ES_FIELDCAPS_CACHE = salt['pillar.get']('sensoroni:es_fieldcaps_cache_ms', '300000') %}
 {%- import_json "soc/files/soc/alerts.queries.json" as alerts_queries %}
 {%- import_json "soc/files/soc/alerts.actions.json" as alerts_actions %}
 {%- import_json "soc/files/soc/alerts.eventfields.json" as alerts_eventfields %}
@@ -49,6 +50,7 @@
         {%- endif %}
         "username": "",
         "password": "",
+        "cacheMs": {{ ES_FIELDCAPS_CACHE }},
         "verifyCert": false
       },
       "sostatus": {