Merge pull request #13933 from Security-Onion-Solutions/ilm-detection

add ilm and update managed index settings
2025-12-08 10:12:53 +01:00 · 2024-11-12 15:22:05 -06:00
parent 59cf049a06 a4d763c1e5
commit 4e0b5569dc
2 changed files with 35 additions and 2 deletions
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -111,15 +111,23 @@ elasticsearch:
                match_mapping_type: string
          settings:
            index:
+              lifecycle:
+                name: so-case-logs
              mapping:
                total_fields:
                  limit: 1500
              number_of_replicas: 0
+              auto_expand_replicas: 0-2
              number_of_shards: 1
              refresh_interval: 30s
              sort:
                field: '@timestamp'
                order: desc
+      policy:
+        phases:
+          hot:
+            actions: {}
+            min_age: 0ms
    so-common:
      close: 30
      delete: 365
@@ -258,15 +266,23 @@ elasticsearch:
                match_mapping_type: string
          settings:
            index:
+              lifecycle:
+                name: so-detection-logs
              mapping:
                total_fields:
                  limit: 1500
              number_of_replicas: 0
+              auto_expand_replicas: 0-2
              number_of_shards: 1
              refresh_interval: 30s
              sort:
                field: '@timestamp'
                order: desc
+      policy:
+        phases:
+          hot:
+            actions: {}
+            min_age: 0ms
    so-endgame:
      index_sorting: false
      index_template: