Merge pull request #12848 from Security-Onion-Solutions/fix/elastic_annotation

Fix description, regex, and type for cold, warm, and hot
2025-12-06 17:22:49 +01:00 · 2024-04-24 09:22:05 -04:00
parent bef408b944 75b5e16696
commit 96ec285241
1 changed files with 14 additions and 2 deletions
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -100,6 +100,8 @@ elasticsearch:
          hot:
            max_age:
              description: Maximum age of index. ex. 7d - This determines when the index should be moved out of the hot tier.
+              regex: ^\[0-9\]{1,5}d$
+              forcedType: string
              global: True
              helpLink: elasticsearch.html
            actions:
@@ -121,6 +123,8 @@ elasticsearch:
          cold:
            min_age:
              description: Minimum age of index. ex. 30d - This determines when the index should be moved to the cold tier.  While still searchable, this tier is typically optimized for lower storage costs rather than search speed.
+              regex: ^\[0-9\]{1,5}d$
+              forcedType: string
              global: True
              helpLink: elasticsearch.html
            actions:
@@ -145,6 +149,8 @@ elasticsearch:
          delete:
            min_age:
              description: Minimum age of index. ex. 90d - This determines when the index should be deleted.
+              regex: ^\[0-9\]{1,5}d$
+              forcedType: string
              global: True
              helpLink: elasticsearch.html
    so-logs: &indexSettings
@@ -271,7 +277,9 @@ elasticsearch:
                  helpLink: elasticsearch.html
          warm:
            min_age:
-              description: Minimum age of index. This determines when the index should be moved to the hot tier.
+              description: Minimum age of index. ex. 30d - This determines when the index should be moved to the warm tier. Nodes in the warm tier generally don’t need to be as fast as those in the hot tier.
+              regex: ^\[0-9\]{1,5}d$
+              forcedType: string
              global: True
              advanced: True
              helpLink: elasticsearch.html
@@ -296,7 +304,9 @@ elasticsearch:
                  helpLink: elasticsearch.html
          cold:
            min_age:
-              description: Minimum age of index.  This determines when the index should be moved to the cold tier.  While still searchable, this tier is typically optimized for lower storage costs rather than search speed.
+              description: Minimum age of index. ex. 30d - This determines when the index should be moved to the cold tier.  While still searchable, this tier is typically optimized for lower storage costs rather than search speed.
+              regex: ^\[0-9\]{1,5}d$
+              forcedType: string
              global: True
              advanced: True
              helpLink: elasticsearch.html
@@ -311,6 +321,8 @@ elasticsearch:
          delete:
            min_age:
              description: Minimum age of index. This determines when the index should be deleted.
+              regex: ^\[0-9\]{1,5}d$
+              forcedType: string
              global: True
              advanced: True
              helpLink: elasticsearch.html