set default DLM retention 90d
@@ -75,7 +75,7 @@ elasticsearch:
|
||||
global_overrides:
|
||||
# Tie this into cluster setting for data_streams.lifecycle.retention.default
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
template:
|
||||
settings:
|
||||
@@ -157,7 +157,7 @@ elasticsearch:
|
||||
so-common:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
@@ -517,7 +517,7 @@ elasticsearch:
|
||||
so-idh:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
@@ -627,7 +627,7 @@ elasticsearch:
|
||||
so-import:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
@@ -811,7 +811,7 @@ elasticsearch:
|
||||
so-kismet:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- kismet-mappings
|
||||
@@ -862,7 +862,7 @@ elasticsearch:
|
||||
so-kratos:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
@@ -932,7 +932,7 @@ elasticsearch:
|
||||
so-hydra:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
@@ -1079,7 +1079,7 @@ elasticsearch:
|
||||
so-logs:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- so-data-streams-mappings
|
||||
@@ -1161,7 +1161,7 @@ elasticsearch:
|
||||
so-logs-detections_x_alerts:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- so-data-streams-mappings
|
||||
@@ -1226,7 +1226,7 @@ elasticsearch:
|
||||
so-logs-elastic_agent:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- event-mappings
|
||||
@@ -1343,7 +1343,7 @@ elasticsearch:
|
||||
so-elastic-agent-monitor:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- event-mappings
|
||||
@@ -1407,7 +1407,7 @@ elasticsearch:
|
||||
so-logs-elastic_agent_x_apm_server:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-elastic_agent.apm_server@package
|
||||
@@ -1473,7 +1473,7 @@ elasticsearch:
|
||||
so-logs-elastic_agent_x_auditbeat:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-elastic_agent.auditbeat@package
|
||||
@@ -1539,7 +1539,7 @@ elasticsearch:
|
||||
so-logs-elastic_agent_x_cloudbeat:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-elastic_agent.cloudbeat@package
|
||||
@@ -1605,7 +1605,7 @@ elasticsearch:
|
||||
so-logs-elastic_agent_x_endpoint_security:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- event-mappings
|
||||
@@ -1666,7 +1666,7 @@ elasticsearch:
|
||||
so-logs-elastic_agent_x_filebeat:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- event-mappings
|
||||
@@ -1727,7 +1727,7 @@ elasticsearch:
|
||||
so-logs-elastic_agent_x_fleet_server:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- event-mappings
|
||||
@@ -1785,7 +1785,7 @@ elasticsearch:
|
||||
so-logs-elastic_agent_x_heartbeat:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-elastic_agent.heartbeat@package
|
||||
@@ -1851,7 +1851,7 @@ elasticsearch:
|
||||
so-logs-elastic_agent_x_metricbeat:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- event-mappings
|
||||
@@ -1912,7 +1912,7 @@ elasticsearch:
|
||||
so-logs-elastic_agent_x_osquerybeat:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- event-mappings
|
||||
@@ -1973,7 +1973,7 @@ elasticsearch:
|
||||
so-logs-elastic_agent_x_packetbeat:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-elastic_agent.packetbeat@package
|
||||
@@ -2039,7 +2039,7 @@ elasticsearch:
|
||||
so-logs-elasticsearch_x_server:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-elasticsearch.server@package
|
||||
@@ -2105,7 +2105,7 @@ elasticsearch:
|
||||
so-logs-endpoint_x_actions:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- .logs-endpoint.actions@package
|
||||
@@ -2166,7 +2166,7 @@ elasticsearch:
|
||||
so-logs-endpoint_x_action_x_responses:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- .logs-endpoint.action.responses@package
|
||||
@@ -2227,7 +2227,7 @@ elasticsearch:
|
||||
so-logs-endpoint_x_alerts:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-endpoint.alerts@package
|
||||
@@ -2288,7 +2288,7 @@ elasticsearch:
|
||||
so-logs-endpoint_x_diagnostic_x_collection:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- .logs-endpoint.diagnostic.collection@package
|
||||
@@ -2365,7 +2365,7 @@ elasticsearch:
|
||||
so-logs-endpoint_x_events_x_api:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-endpoint.events.api@package
|
||||
@@ -2426,7 +2426,7 @@ elasticsearch:
|
||||
so-logs-endpoint_x_events_x_file:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-endpoint.events.file@package
|
||||
@@ -2487,7 +2487,7 @@ elasticsearch:
|
||||
so-logs-endpoint_x_events_x_library:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-endpoint.events.library@package
|
||||
@@ -2548,7 +2548,7 @@ elasticsearch:
|
||||
so-logs-endpoint_x_events_x_network:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-endpoint.events.network@package
|
||||
@@ -2609,7 +2609,7 @@ elasticsearch:
|
||||
so-logs-endpoint_x_events_x_process:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-endpoint.events.process@package
|
||||
@@ -2670,7 +2670,7 @@ elasticsearch:
|
||||
so-logs-endpoint_x_events_x_registry:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-endpoint.events.registry@package
|
||||
@@ -2731,7 +2731,7 @@ elasticsearch:
|
||||
so-logs-endpoint_x_events_x_security:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-endpoint.events.security@package
|
||||
@@ -2792,7 +2792,7 @@ elasticsearch:
|
||||
so-logs-endpoint_x_heartbeat:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- .logs-endpoint.heartbeat@package
|
||||
@@ -2853,7 +2853,7 @@ elasticsearch:
|
||||
so-logs-http_endpoint_x_generic:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-http_endpoint.generic@package
|
||||
@@ -2903,7 +2903,7 @@ elasticsearch:
|
||||
so-logs-httpjson_x_generic:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-httpjson.generic@package
|
||||
@@ -2970,7 +2970,7 @@ elasticsearch:
|
||||
so-logs-osquery-manager_x_action_x_responses:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
_meta:
|
||||
managed: true
|
||||
@@ -3043,7 +3043,7 @@ elasticsearch:
|
||||
so-logs-osquery-manager_x_result:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
_meta:
|
||||
managed: true
|
||||
@@ -3097,7 +3097,7 @@ elasticsearch:
|
||||
so-logs-soc:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
@@ -3207,7 +3207,7 @@ elasticsearch:
|
||||
so-logs-system_x_application:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- event-mappings
|
||||
@@ -3258,7 +3258,7 @@ elasticsearch:
|
||||
so-logs-system_x_auth:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- event-mappings
|
||||
@@ -3309,7 +3309,7 @@ elasticsearch:
|
||||
so-logs-system_x_security:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- event-mappings
|
||||
@@ -3360,7 +3360,7 @@ elasticsearch:
|
||||
so-logs-system_x_syslog:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- event-mappings
|
||||
@@ -3411,7 +3411,7 @@ elasticsearch:
|
||||
so-logs-system_x_system:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- event-mappings
|
||||
@@ -3462,7 +3462,7 @@ elasticsearch:
|
||||
so-logs-windows_x_forwarded:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-windows.forwarded@package
|
||||
@@ -3511,7 +3511,7 @@ elasticsearch:
|
||||
so-logs-windows_x_powershell:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-windows.powershell@package
|
||||
@@ -3560,7 +3560,7 @@ elasticsearch:
|
||||
so-logs-windows_x_powershell_operational:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-windows.powershell_operational@package
|
||||
@@ -3609,7 +3609,7 @@ elasticsearch:
|
||||
so-logs-windows_x_sysmon_operational:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-windows.sysmon_operational@package
|
||||
@@ -3658,7 +3658,7 @@ elasticsearch:
|
||||
so-logs-winlog_x_winlog:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- logs-winlog.winlog@package
|
||||
@@ -3708,7 +3708,7 @@ elasticsearch:
|
||||
so-logstash:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
@@ -3825,7 +3825,7 @@ elasticsearch:
|
||||
so-metrics-endpoint_x_metadata:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- metrics-endpoint.metadata@package
|
||||
@@ -3874,7 +3874,7 @@ elasticsearch:
|
||||
so-metrics-endpoint_x_metrics:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- metrics-endpoint.metrics@package
|
||||
@@ -3923,7 +3923,7 @@ elasticsearch:
|
||||
so-metrics-endpoint_x_policy:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- metrics-endpoint.policy@package
|
||||
@@ -3972,7 +3972,7 @@ elasticsearch:
|
||||
so-metrics-fleet_server_x_agent_status:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- metrics@tsdb-settings
|
||||
@@ -3998,7 +3998,7 @@ elasticsearch:
|
||||
so-metrics-fleet_server_x_agent_versions:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- metrics@tsdb-settings
|
||||
@@ -4024,7 +4024,7 @@ elasticsearch:
|
||||
so-redis:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
@@ -4141,7 +4141,7 @@ elasticsearch:
|
||||
so-strelka:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
@@ -4260,7 +4260,7 @@ elasticsearch:
|
||||
so-suricata:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
@@ -4378,7 +4378,7 @@ elasticsearch:
|
||||
so-suricata_x_alerts:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
@@ -4496,7 +4496,7 @@ elasticsearch:
|
||||
so-syslog:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
@@ -4614,7 +4614,7 @@ elasticsearch:
|
||||
so-zeek:
|
||||
index_sorting: false
|
||||
data_stream_lifecycle:
|
||||
data_retention: 7d
|
||||
data_retention: 90d
|
||||
index_template:
|
||||
composed_of:
|
||||
- agent-mappings
|
||||
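Review bot: The new `data_retention: 90d` value is now hard-coded separately in `global_overrides` (hunk at L6) and again in every per-stream `data_stream_lifecycle` block (hunks from L33 through L1626), so the default lives in roughly sixty places and the existing comment "Tie this into cluster setting for data_streams.lifecycle.retention.default" still reads as unfinished work; if the per-stream entries are meant to inherit the global default, dropping them or deriving them from one value would keep future retention changes to a single edit. Raising retention from 7d to 90d applies uniformly to high-volume monitoring and metrics streams (so-elastic-agent-monitor, so-logstash, so-redis, so-metrics-*) as well as to the security-relevant event streams, and the lifecycle values here are time-based with no size bound visible in this file, so existing deployments upgrading to this default will presumably retain many times more data on disk — worth stating in the commit description and documenting next to the default, e.g. `# Default DLM retention for all data streams; raising this multiplies on-disk volume, size storage accordingly`. The file header for this section is outside the visible page, so whether any size-based guard exists elsewhere in the file cannot be confirmed from here.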