From c3b83f1fc8b453e00486162bd9afb6b26d36580a Mon Sep 17 00:00:00 2001
From: Wes
Date: Wed, 11 Jan 2023 14:03:11 +0000
Subject: [PATCH] Update template settings to use data streams
---
 salt/elasticsearch/defaults.yaml | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index f1a5a7dd5..92c5c6e13 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -1152,8 +1152,9 @@ elasticsearch:
 delete: 365
 index_sorting: False
 index_template:
+ data_stream: {}
 index_patterns:
- - so-*
+ - logs-*_so
 template:
 mappings:
 dynamic_templates:
@@ -2154,11 +2155,12 @@ elasticsearch:
 - common-settings
 - common-dynamic-mappings
 priority: 500
- so-ids:
+ so-suricata:
 index_sorting: False
 index_template:
+ data_stream: {}
 index_patterns:
- - so-ids*
+ - logs-*-suricata_so
 template:
 mappings:
 dynamic_templates:
@@ -2324,8 +2326,9 @@ elasticsearch:
 so-import:
 index_sorting: False
 index_template:
+ data_stream: {}
 index_patterns:
- - so-import*
+ - logs-*-import_so
 template:
 mappings:
 dynamic_templates:
@@ -4162,8 +4165,9 @@ elasticsearch:
 so-strelka:
 index_sorting: False
 index_template:
+ data_stream: {}
 index_patterns:
- - so-strelka*
+ - logs-*-strelka_so
 template:
 mappings:
 dynamic_templates:
@@ -4415,8 +4419,9 @@ elasticsearch:
 so-zeek:
 index_sorting: False
 index_template:
+ data_stream: {}
 index_patterns:
- - so-zeek*
+ - logs-*-zeek_so
 template:
 mappings:
 dynamic_templates:
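Review bot: The new catch-all pattern `logs-*_so` in the first hunk also matches every name covered by the per-dataset patterns added in the later hunks (`logs-*-suricata_so`, `logs-*-import_so`, `logs-*-strelka_so`, `logs-*-zeek_so`), and those names additionally fall under Elasticsearch's built-in `logs-*-*` template. Composable index templates are not merged, so only the highest-`priority` match is applied, and this template's `priority` lies outside the hunk. If the catch-all or the built-in template wins, a Suricata or Zeek stream would be created without its own mappings, which can leave fields that searches and detections rely on mapped differently than expected. I would record the ordering next to the pattern, e.g. `# priority must stay below the per-dataset templates and above the built-in logs-*-* template`.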
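Review bot: Renaming the key `so-ids` to `so-suricata` and replacing `so-ids*` with `logs-*-suricata_so` in the second hunk changes both the pillar path and the index names, while the diffstat shows only this one file changing. Anything still keyed on the old names (pillar overrides under `so-ids`, retention settings, role index privileges, saved queries against `so-ids*`) would presumably stop applying to new Suricata data; that cannot be checked from this hunk. Indices still created under `so-ids*` would also no longer match any of the patterns shown in this patch. A short comment such as `# formerly so-ids / so-ids*; update overrides, retention and role index patterns together` would make the dependency visible.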
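Review bot: `data_stream: {}` on `so-import` in the third hunk (and on the templates in the other four hunks) makes every matching target a data stream, which accepts only documents carrying `@timestamp` and only `create` operations; updates or deletes by ID sent to the stream name are rejected. The writers are not part of this patch, so whether the import pipelines already meet that is not visible here, and documents that do not would be rejected at ingest, leaving a gap in the imported data. I would note the contract beside the setting, e.g. `# data stream: writers must set @timestamp and use op_type create`.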