use global vars in states

2025-12-22 00:43:09 +01:00 · 2022-10-11 11:57:15 -04:00
parent 46bdd1acad
commit b526532ab6
219 changed files with 412 additions and 472 deletions
--- a/salt/curator/files/action/delete.yml
+++ b/salt/curator/files/action/delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set log_size_limit = salt['pillar.get']('elasticsearch:log_size_limit', '') -%}
+{%- set log_size_limit = salt['pillar.get']('elasticsearch:log_size_limit') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-aws-close.yml
+++ b/salt/curator/files/action/so-aws-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-aws:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-aws:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-aws-delete.yml
+++ b/salt/curator/files/action/so-aws-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-aws-warm.yml
+++ b/salt/curator/files/action/so-aws-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-azure-close.yml
+++ b/salt/curator/files/action/so-azure-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-azure:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-azure:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-azure-delete.yml
+++ b/salt/curator/files/action/so-azure-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-azure:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-azure:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-azure-warm.yml
+++ b/salt/curator/files/action/so-azure-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-azure:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-azure:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-barracuda-close.yml
+++ b/salt/curator/files/action/so-barracuda-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-barracuda-delete.yml
+++ b/salt/curator/files/action/so-barracuda-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-barracuda-warm.yml
+++ b/salt/curator/files/action/so-barracuda-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-beats-close.yml
+++ b/salt/curator/files/action/so-beats-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-beats:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-beats:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-beats-delete.yml
+++ b/salt/curator/files/action/so-beats-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-beats:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-beats:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-beats-warm.yml
+++ b/salt/curator/files/action/so-beats-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-beats:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-beats:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-bluecoat-close.yml
+++ b/salt/curator/files/action/so-bluecoat-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-bluecoat-delete.yml
+++ b/salt/curator/files/action/so-bluecoat-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-bluecoat-warm.yml
+++ b/salt/curator/files/action/so-bluecoat-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-cef-close.yml
+++ b/salt/curator/files/action/so-cef-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cef:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cef:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-cef-delete.yml
+++ b/salt/curator/files/action/so-cef-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cef:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cef:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-cef-warm.yml
+++ b/salt/curator/files/action/so-cef-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cef:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cef:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-checkpoint-close.yml
+++ b/salt/curator/files/action/so-checkpoint-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-checkpoint-delete.yml
+++ b/salt/curator/files/action/so-checkpoint-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-checkpoint-warm.yml
+++ b/salt/curator/files/action/so-checkpoint-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-cisco-close.yml
+++ b/salt/curator/files/action/so-cisco-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cisco:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cisco:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-cisco-delete.yml
+++ b/salt/curator/files/action/so-cisco-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-cisco-warm.yml
+++ b/salt/curator/files/action/so-cisco-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-cyberark-close.yml
+++ b/salt/curator/files/action/so-cyberark-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-cyberark-delete.yml
+++ b/salt/curator/files/action/so-cyberark-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-cyberark-warm.yml
+++ b/salt/curator/files/action/so-cyberark-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-cylance-close.yml
+++ b/salt/curator/files/action/so-cylance-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cylance:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cylance:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-cylance-delete.yml
+++ b/salt/curator/files/action/so-cylance-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-cylance-warm.yml
+++ b/salt/curator/files/action/so-cylance-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-elasticsearch-close.yml
+++ b/salt/curator/files/action/so-elasticsearch-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-elasticsearch-delete.yml
+++ b/salt/curator/files/action/so-elasticsearch-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-elasticsearch-warm.yml
+++ b/salt/curator/files/action/so-elasticsearch-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-endgame-close.yml
+++ b/salt/curator/files/action/so-endgame-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-endgame:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-endgame:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-endgame-delete.yml
+++ b/salt/curator/files/action/so-endgame-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-endgame-warm.yml
+++ b/salt/curator/files/action/so-endgame-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-f5-close.yml
+++ b/salt/curator/files/action/so-f5-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-f5:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-f5:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-f5-delete.yml
+++ b/salt/curator/files/action/so-f5-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-f5:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-f5:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-f5-warm.yml
+++ b/salt/curator/files/action/so-f5-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-f5:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-f5:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-firewall-close.yml
+++ b/salt/curator/files/action/so-firewall-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-firewall:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-firewall:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-firewall-delete.yml
+++ b/salt/curator/files/action/so-firewall-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-firewall-warm.yml
+++ b/salt/curator/files/action/so-firewall-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-fortinet-close.yml
+++ b/salt/curator/files/action/so-fortinet-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-fortinet-delete.yml
+++ b/salt/curator/files/action/so-fortinet-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-fortinet-warm.yml
+++ b/salt/curator/files/action/so-fortinet-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-gcp-close.yml
+++ b/salt/curator/files/action/so-gcp-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-gcp:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-gcp:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-gcp-delete.yml
+++ b/salt/curator/files/action/so-gcp-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-gcp-warm.yml
+++ b/salt/curator/files/action/so-gcp-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-google_workspace-close.yml
+++ b/salt/curator/files/action/so-google_workspace-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-google_workspace-delete.yml
+++ b/salt/curator/files/action/so-google_workspace-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-google_workspace-warm.yml
+++ b/salt/curator/files/action/so-google_workspace-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-ids-close.yml
+++ b/salt/curator/files/action/so-ids-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ids:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ids:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-ids-delete.yml
+++ b/salt/curator/files/action/so-ids-delete.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ids:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ids:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-ids-warm.yml
+++ b/salt/curator/files/action/so-ids-warm.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ids:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ids:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-imperva-close.yml
+++ b/salt/curator/files/action/so-imperva-close.yml
@@ -4,7 +4,7 @@
 # Elastic License 2.0.


-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-imperva:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-imperva:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-imperva-delete.yml
+++ b/salt/curator/files/action/so-imperva-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-imperva-warm.yml
+++ b/salt/curator/files/action/so-imperva-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-import-close.yml
+++ b/salt/curator/files/action/so-import-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-import:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-import:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-import-delete.yml
+++ b/salt/curator/files/action/so-import-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-import:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-import:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-import-warm.yml
+++ b/salt/curator/files/action/so-import-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-import:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-import:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-infoblox-close.yml
+++ b/salt/curator/files/action/so-infoblox-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-infoblox-delete.yml
+++ b/salt/curator/files/action/so-infoblox-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-infoblox-warm.yml
+++ b/salt/curator/files/action/so-infoblox-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-juniper-close.yml
+++ b/salt/curator/files/action/so-juniper-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-juniper:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-juniper:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-juniper-delete.yml
+++ b/salt/curator/files/action/so-juniper-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-juniper:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-juniper:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-juniper-warm.yml
+++ b/salt/curator/files/action/so-juniper-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-kibana-close.yml
+++ b/salt/curator/files/action/so-kibana-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-kibana:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-kibana:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-kibana-delete.yml
+++ b/salt/curator/files/action/so-kibana-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-kibana-warm.yml
+++ b/salt/curator/files/action/so-kibana-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-kratos-close.yml
+++ b/salt/curator/files/action/so-kratos-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-kratos:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-kratos:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-kratos-delete.yml
+++ b/salt/curator/files/action/so-kratos-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kratos:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kratos:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-kratos-warm.yml
+++ b/salt/curator/files/action/so-kratos-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kratos:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kratos:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-logstash-close.yml
+++ b/salt/curator/files/action/so-logstash-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-logstash:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-logstash:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-logstash-delete.yml
+++ b/salt/curator/files/action/so-logstash-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-logstash-warm.yml
+++ b/salt/curator/files/action/so-logstash-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-microsoft-close.yml
+++ b/salt/curator/files/action/so-microsoft-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-microsoft-delete.yml
+++ b/salt/curator/files/action/so-microsoft-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-microsoft-warm.yml
+++ b/salt/curator/files/action/so-microsoft-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-misp-close.yml
+++ b/salt/curator/files/action/so-misp-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-misp:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-misp:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-misp-delete.yml
+++ b/salt/curator/files/action/so-misp-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-misp:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-misp:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-misp-warm.yml
+++ b/salt/curator/files/action/so-misp-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-misp:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-misp:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-netflow-close.yml
+++ b/salt/curator/files/action/so-netflow-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-netflow:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-netflow:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-netflow-delete.yml
+++ b/salt/curator/files/action/so-netflow-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-netflow-warm.yml
+++ b/salt/curator/files/action/so-netflow-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-netscout-close.yml
+++ b/salt/curator/files/action/so-netscout-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-netscout:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-netscout:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-netscout-delete.yml
+++ b/salt/curator/files/action/so-netscout-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-netscout-warm.yml
+++ b/salt/curator/files/action/so-netscout-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-o365-close.yml
+++ b/salt/curator/files/action/so-o365-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-o365:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-o365:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-o365-delete.yml
+++ b/salt/curator/files/action/so-o365-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-o365:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-o365:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-o365-warm.yml
+++ b/salt/curator/files/action/so-o365-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-o365:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-o365:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-okta-close.yml
+++ b/salt/curator/files/action/so-okta-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-okta:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-okta:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-okta-warm.yml
+++ b/salt/curator/files/action/so-okta-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-okta:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-okta:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-okta.delete.yml
+++ b/salt/curator/files/action/so-okta.delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-okta:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-okta:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-osquery-close.yml
+++ b/salt/curator/files/action/so-osquery-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-osquery:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-osquery:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-osquery-delete.yml
+++ b/salt/curator/files/action/so-osquery-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-osquery-warm.yml
+++ b/salt/curator/files/action/so-osquery-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:warm') -%}
 actions:
  1:
    action: allocation
--- a/salt/curator/files/action/so-ossec-close.yml
+++ b/salt/curator/files/action/so-ossec-close.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ossec:close', 30) -%}
+{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ossec:close') -%}
 actions:
  1:
    action: close
--- a/salt/curator/files/action/so-ossec-delete.yml
+++ b/salt/curator/files/action/so-ossec-delete.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:delete', 365) -%}
+{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:delete') -%}
 actions:
  1:
    action: delete_indices
--- a/salt/curator/files/action/so-ossec-warm.yml
+++ b/salt/curator/files/action/so-ossec-warm.yml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:warm', 7) -%}
+{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:warm') -%}
 actions:
  1:
    action: allocation
--- a/Show More
+++ b/Show More