From 84360aa9bf4df95ad79e9dd73a04a05d2ae58944 Mon Sep 17 00:00:00 2001
From: Wes <wlambertts@gmail.com>
Date: Wed, 22 Mar 2023 21:47:49 +0000
Subject: [PATCH] Set replicas for Osquery manager indices to 0

---
 salt/elasticsearch/defaults.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 8acaa6749..2db3174b9 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -110,6 +110,21 @@ elasticsearch:
             name: elastic_agent
           managed_by: security_onion
           managed: true  
+    logs-osquery-manager:
+      index_sorting: False
+      index_template:
+        index_patterns:
+          - ".logs-osquery*"
+        template:
+          settings:
+            index:
+              number_of_replicas: 0
+        priority: 501
+        _meta:
+          package:
+            name: elastic_agent
+          managed_by: security_onion
+          managed: true
     logs-elastic_agent.apm_server:
       index_sorting: False
       index_template: