CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14354 from Security-Onion-Solutions/dougburks-patch-1

Browse Source 
Update soc_elasticsearch.yaml to include note about ILM rollover
This commit is contained in:
Doug Burks
2025-03-06 12:11:58 -05:00
committed by GitHub
parent bcea02b059 cce94d96d1
commit 630140b979
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
salt/elasticsearch/soc_elasticsearch.yaml
View File

@@ -133,7 +133,7 @@ elasticsearch:
helpLink: elasticsearch.html helpLink: elasticsearch.html
cold: cold:
min_age: min_age:
description: Minimum age of index. ex. 60d - This determines when the index should be moved to the cold tier. While still searchable, this tier is typically optimized for lower storage costs rather than search speed. description: Minimum age of index. ex. 60d - This determines when the index should be moved to the cold tier. While still searchable, this tier is typically optimized for lower storage costs rather than search speed. Its important to note that this is calculated relative to the rollover date (NOT the original creation date of the index). For example, if you have an index that is set to rollover after 30 days and cold min_age set to 60 then there will be 30 days from index creation to rollover and then an additional 60 days before moving to cold tier.
regex: ^[0-9]{1,5}d$ regex: ^[0-9]{1,5}d$
forcedType: string forcedType: string
global: True global: True
@@ -146,10 +146,11 @@ elasticsearch:
helpLink: elasticsearch.html helpLink: elasticsearch.html
warm: warm:
min_age: min_age:
description: Minimum age of index. ex. 30d - This determines when the index should be moved to the warm tier. Nodes in the warm tier generally dont need to be as fast as those in the hot tier. description: Minimum age of index. ex. 30d - This determines when the index should be moved to the warm tier. Nodes in the warm tier generally dont need to be as fast as those in the hot tier. Its important to note that this is calculated relative to the rollover date (NOT the original creation date of the index). For example, if you have an index that is set to rollover after 30 days and warm min_age set to 30 then there will be 30 days from index creation to rollover and then an additional 30 days before moving to warm tier.
regex: ^[0-9]{1,5}d$ regex: ^[0-9]{1,5}d$
forcedType: string forcedType: string
global: True global: True
helpLink: elasticsearch.html
actions: actions:
set_priority: set_priority:
priority: priority:
@@ -159,7 +160,7 @@ elasticsearch:
helpLink: elasticsearch.html helpLink: elasticsearch.html
delete: delete:
min_age: min_age:
description: Minimum age of index. ex. 90d - This determines when the index should be deleted. description: Minimum age of index. ex. 90d - This determines when the index should be deleted. Its important to note that this is calculated relative to the rollover date (NOT the original creation date of the index). For example, if you have an index that is set to rollover after 30 days and delete min_age set to 90 then there will be 30 days from index creation to rollover and then an additional 90 days before deletion.
regex: ^[0-9]{1,5}d$ regex: ^[0-9]{1,5}d$
forcedType: string forcedType: string
global: True global: True
@@ -288,7 +289,7 @@ elasticsearch:
helpLink: elasticsearch.html helpLink: elasticsearch.html
warm: warm:
min_age: min_age:
description: Minimum age of index. ex. 30d - This determines when the index should be moved to the warm tier. Nodes in the warm tier generally dont need to be as fast as those in the hot tier. description: Minimum age of index. ex. 30d - This determines when the index should be moved to the warm tier. Nodes in the warm tier generally dont need to be as fast as those in the hot tier. Its important to note that this is calculated relative to the rollover date (NOT the original creation date of the index). For example, if you have an index that is set to rollover after 30 days and warm min_age set to 30 then there will be 30 days from index creation to rollover and then an additional 30 days before moving to warm tier.
regex: ^[0-9]{1,5}d$ regex: ^[0-9]{1,5}d$
forcedType: string forcedType: string
global: True global: True
@@ -315,7 +316,7 @@ elasticsearch:
helpLink: elasticsearch.html helpLink: elasticsearch.html
cold: cold:
min_age: min_age:
description: Minimum age of index. ex. 60d - This determines when the index should be moved to the cold tier. While still searchable, this tier is typically optimized for lower storage costs rather than search speed. description: Minimum age of index. ex. 60d - This determines when the index should be moved to the cold tier. While still searchable, this tier is typically optimized for lower storage costs rather than search speed. Its important to note that this is calculated relative to the rollover date (NOT the original creation date of the index). For example, if you have an index that is set to rollover after 30 days and cold min_age set to 60 then there will be 30 days from index creation to rollover and then an additional 60 days before moving to cold tier.
regex: ^[0-9]{1,5}d$ regex: ^[0-9]{1,5}d$
forcedType: string forcedType: string
global: True global: True
@@ -331,7 +332,7 @@ elasticsearch:
helpLink: elasticsearch.html helpLink: elasticsearch.html
delete: delete:
min_age: min_age:
description: Minimum age of index. This determines when the index should be deleted. description: Minimum age of index. ex. 90d - This determines when the index should be deleted. Its important to note that this is calculated relative to the rollover date (NOT the original creation date of the index). For example, if you have an index that is set to rollover after 30 days and delete min_age set to 90 then there will be 30 days from index creation to rollover and then an additional 90 days before deletion.
regex: ^[0-9]{1,5}d$ regex: ^[0-9]{1,5}d$
forcedType: string forcedType: string
global: True global: True