From c955f9210a16f9ce2105620f9728a53a1d21942d Mon Sep 17 00:00:00 2001
From: weslambert
Date: Fri, 27 Oct 2023 17:24:27 -0400
Subject: [PATCH 1/2] Remove policy for Cases indices
---
 salt/elasticsearch/defaults.yaml | 26 --------------------------
 1 file changed, 26 deletions(-)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 44cb0ea7d..2e19c50b7 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -108,8 +108,6 @@ elasticsearch:
 match_mapping_type: string
 settings:
 index:
- lifecycle:
- name: so-case-logs
 mapping:
 total_fields:
 limit: 1500
@@ -119,30 +117,6 @@ elasticsearch:
 sort:
 field: '@timestamp'
 order: desc
- policy:
- phases:
- cold:
- actions:
- set_priority:
- priority: 0
- min_age: 30d
- delete:
- actions:
- delete: {}
- min_age: 365d
- hot:
- actions:
- rollover:
- max_age: 30d
- max_primary_shard_size: 50gb
- set_priority:
- priority: 100
- min_age: 0ms
- warm:
- actions:
- set_priority:
- priority: 50
- min_age: 30d
 so-common:
 close: 30
 delete: 365
From 76dd6f07abbe45b08823a615e1a277e5368f5bf8 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Fri, 27 Oct 2023 17:26:33 -0400
Subject: [PATCH 2/2] Remove policy for OSQuery manager indices
---
 salt/elasticsearch/defaults.yaml | 52 --------------------------------
 1 file changed, 52 deletions(-)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 2e19c50b7..2781d2144 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -6323,33 +6323,7 @@ elasticsearch:
 template:
 settings:
 index:
- lifecycle:
- name: so-logs-osquery-manager-action.responses-logs
 number_of_replicas: 0
- policy:
- phases:
- cold:
- actions:
- set_priority:
- priority: 0
- min_age: 30d
- delete:
- actions:
- delete: {}
- min_age: 365d
- hot:
- actions:
- rollover:
- max_age: 30d
- max_primary_shard_size: 50gb
- set_priority:
- priority: 100
- min_age: 0ms
- warm:
- actions:
- set_priority:
- priority: 50
- min_age: 30d
 so-logs-osquery-manager-actions:
 index_sorting: false
 index_template:
@@ -6366,33 +6340,7 @@ elasticsearch:
 template:
 settings:
 index:
- lifecycle:
- name: so-logs-osquery-manager-actions-logs
 number_of_replicas: 0
- policy:
- phases:
- cold:
- actions:
- set_priority:
- priority: 0
- min_age: 30d
- delete:
- actions:
- delete: {}
- min_age: 365d
- hot:
- actions:
- rollover:
- max_age: 30d
- max_primary_shard_size: 50gb
- set_priority:
- priority: 100
- min_age: 0ms
- warm:
- actions:
- set_priority:
- priority: 50
- min_age: 30d
 so-logs-panw_x_panos:
 index_sorting: false
 index_template: