From 588a1b86d19aecc15e94b1cd5163f6a1f198dcb8 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Thu, 11 Sep 2025 15:46:45 -0500
Subject: [PATCH] suricata metadata index rollover 1d -> 30d

---
 salt/elasticsearch/defaults.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index db4fc0515..9ad9ccd0c 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -4175,7 +4175,7 @@ elasticsearch:
           hot:
             actions:
               rollover:
-                max_age: 1d
+                max_age: 30d
                 max_primary_shard_size: 50gb
               set_priority:
                 priority: 100