Merge pull request #11648 from Security-Onion-Solutions/fix/ilm_remove_policy

Remove ILM policies for Cases and OSQuery manager indices
2025-12-06 17:22:49 +01:00 · 2023-10-27 17:28:59 -04:00
parent d35483aa02 76dd6f07ab
commit 9a1e95cd09
1 changed files with 0 additions and 78 deletions
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -108,8 +108,6 @@ elasticsearch:
                match_mapping_type: string
          settings:
            index:
-              lifecycle:
-                name: so-case-logs
              mapping:
                total_fields:
                  limit: 1500
@@ -119,30 +117,6 @@ elasticsearch:
              sort:
                field: '@timestamp'
                order: desc
-      policy:
-        phases:
-          cold:
-            actions:
-              set_priority:
-                priority: 0
-            min_age: 30d
-          delete:
-            actions:
-              delete: {}
-            min_age: 365d
-          hot:
-            actions:
-              rollover:
-                max_age: 30d
-                max_primary_shard_size: 50gb
-              set_priority:
-                priority: 100
-            min_age: 0ms
-          warm:
-            actions:
-              set_priority:
-                priority: 50
-            min_age: 30d
    so-common:
      close: 30
      delete: 365
@@ -6349,33 +6323,7 @@ elasticsearch:
        template:
          settings:
            index:
-              lifecycle:
-                name: so-logs-osquery-manager-action.responses-logs
              number_of_replicas: 0
-      policy:
-        phases:
-          cold:
-            actions:
-              set_priority:
-                priority: 0
-            min_age: 30d
-          delete:
-            actions:
-              delete: {}
-            min_age: 365d
-          hot:
-            actions:
-              rollover:
-                max_age: 30d
-                max_primary_shard_size: 50gb
-              set_priority:
-                priority: 100
-            min_age: 0ms
-          warm:
-            actions:
-              set_priority:
-                priority: 50
-            min_age: 30d
    so-logs-osquery-manager-actions:
      index_sorting: false
      index_template:
@@ -6392,33 +6340,7 @@ elasticsearch:
        template:
          settings:
            index:
-              lifecycle:
-                name: so-logs-osquery-manager-actions-logs
              number_of_replicas: 0
-      policy:
-        phases:
-          cold:
-            actions:
-              set_priority:
-                priority: 0
-            min_age: 30d
-          delete:
-            actions:
-              delete: {}
-            min_age: 365d
-          hot:
-            actions:
-              rollover:
-                max_age: 30d
-                max_primary_shard_size: 50gb
-              set_priority:
-                priority: 100
-            min_age: 0ms
-          warm:
-            actions:
-              set_priority:
-                priority: 50
-            min_age: 30d
    so-logs-panw_x_panos:
      index_sorting: false
      index_template: