From a5b1648b68e94828201fb5789f5e4aec01cbb9a5 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Mon, 13 Jan 2025 09:26:16 -0600
Subject: [PATCH] add missing lifecycle name to crowdstrike indices

---
 salt/elasticsearch/defaults.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 45ac8d1ea..5ba50f66a 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -4507,6 +4507,8 @@ elasticsearch:
         template:
           settings:
             index:
+              lifecycle:
+                name: so-logs-crowdstrike.alert-logs
               number_of_replicas: 0
         composed_of:
         - logs-crowdstrike.alert@package
@@ -4551,6 +4553,8 @@ elasticsearch:
         template:
           settings:
             index:
+              lifecycle:
+                name: so-logs-crowdstrike.falcon-logs
               number_of_replicas: 0
         composed_of:
         - logs-crowdstrike.falcon@package
@@ -4595,6 +4599,8 @@ elasticsearch:
         template:
           settings:
             index:
+              lifecycle:
+                name: so-logs-crowdstrike.fdr-logs
               number_of_replicas: 0
         composed_of:
         - logs-crowdstrike.fdr@package
@@ -4639,6 +4645,8 @@ elasticsearch:
         template:
           settings:
             index:
+              lifecycle:
+                name: so-logs-crowdstrike.host-logs
               number_of_replicas: 0
         composed_of:
         - logs-crowdstrike.host@package