Move to non-destructive

salt/manager/tools/sbin_jinja/so-elastic-fleet-reset

@@ -14,7 +14,6 @@ require_manager
 # Inform user we are about to remove Elastic Fleet data
 echo
 echo "This script will remove the current Elastic Fleet install and all of its data and then rerun Elastic Fleet setup."
-echo "This includes data previously ingested with Fleet such as Zeek and Suricata logs."
 echo "Deployed Elastic Agents will no longer be enrolled and will need to be reinstalled."
 echo "This script should only be used as a last resort to reinstall Elastic Fleet." 
 echo
@@ -33,8 +32,8 @@ so-elastic-fleet-stop --force
 
 status "Deleting Fleet Data from Pillars..."
 so-yaml.py remove /opt/so/saltstack/local/pillar/minions/{{ GLOBALS.minion_id }}.sls elasticfleet
-sed -i "/fleet_grid_enrollment_token_general.*/d" /opt/so/saltstack/local/pillar/global/soc_global.sls
+so-yaml.py remove /opt/so/saltstack/local/pillar/global/soc_global.sls global.fleet_grid_enrollment_token_general
-sed -i "/fleet_grid_enrollment_token_heavy.*/d" /opt/so/saltstack/local/pillar/global/soc_global.sls
+so-yaml.py remove /opt/so/saltstack/local/pillar/global/soc_global.sls global.fleet_grid_enrollment_token_heavy
 
 status "Deleting Elastic Fleet data..."
 
@@ -62,15 +61,6 @@ do
     done
 done
 
-status "Deleting Fleet-related Data Streams..."
-DATASTREAMS="logs-suricata-so","logs-kratos-so","logs-soc-so","logs-zeek-so"
-JSON_STRING=$( jq -n \
-                --arg DATASTREAMLIST "$DATASTREAMS" \
-                '{"dataStreams":[$DATASTREAMLIST]}'
-                )
-curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/index_management/delete_data_streams" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
-
-
 status "Restarting Kibana..."
 so-kibana-restart --force