From 4f3b3a787c5cf9348518280193263b69aacf314b Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Thu, 1 Apr 2021 10:18:01 -0400
Subject: [PATCH] change defaults for testing, remove measurements list since
 cq uses wildcard now -
 https://github.com/Security-Onion-Solutions/securityonion/issues/3264

---
 salt/influxdb/defaults.yaml | 28 +++-------------------------
 1 file changed, 3 insertions(+), 25 deletions(-)

diff --git a/salt/influxdb/defaults.yaml b/salt/influxdb/defaults.yaml
index 927cd7b52..ce5624be2 100644
--- a/salt/influxdb/defaults.yaml
+++ b/salt/influxdb/defaults.yaml
@@ -2,34 +2,12 @@ influxdb:
   retention_policies:
     autogen:
       default: True
-      duration: 1h
+      duration: 2d
       shard_duration: 1h
     so_long_term:
       default: False
-      duration: 2d
+      duration: 7d
       shard_duration: 1d
   downsample:
     so_long_term:
-      resolution: 5m
-      measurements:
-        - cpu
-        - disk
-        - diskio
-        - docker_container_cpu
-        - docker_container_mem
-        - docker_container_net
-        - elasticsearch_indices
-        - elasticsearch_jvm
-        - esteps
-        - healthcheck
-        - influxsize
-        - mem
-        - net
-        - pcapage
-        - processes
-        - redisqueue
-        - stenodrop
-        - suridrop
-        - system
-        - zeekcaptureloss
-        - zeekdrop
\ No newline at end of file
+      resolution: 5m
\ No newline at end of file