From c5051604807b1125367ebb223f8b3c7b8fe1778d Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Thu, 11 Jun 2026 15:13:28 -0500
Subject: [PATCH] set default DLM retention 90d
---
 salt/elasticsearch/defaults.yaml | 122 +++++++++++++++----------------
 1 file changed, 61 insertions(+), 61 deletions(-)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 7b49074e8..ffb53ecbc 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -75,7 +75,7 @@ elasticsearch:
 global_overrides:
 # Tie this into cluster setting for data_streams.lifecycle.retention.default
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 template:
 settings:
@@ -157,7 +157,7 @@ elasticsearch:
 so-common:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings
@@ -517,7 +517,7 @@ elasticsearch:
 so-idh:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings
@@ -627,7 +627,7 @@ elasticsearch:
 so-import:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings
@@ -811,7 +811,7 @@ elasticsearch:
 so-kismet:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - kismet-mappings
@@ -862,7 +862,7 @@ elasticsearch:
 so-kratos:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings
@@ -932,7 +932,7 @@ elasticsearch:
 so-hydra:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings
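Review bot: The same `data_retention: 90d` is set at `global_overrides` and at every per-stream block touched by this patch, so high-volume streams such as `so-zeek`, `so-suricata` and `so-logs-endpoint_x_events_x_process`, and low-value ones such as `so-logs-endpoint_x_heartbeat` and the `so-metrics-*` streams, are all kept as long as alert data. Nothing visible here pairs the longer window with a size- or disk-based bound; if none exists elsewhere, a node sized for 7 days of data could reach the Elasticsearch disk watermarks and stop indexing, which would leave a gap in collected telemetry. The value is also repeated as a literal in all 61 changed lines while the existing comment above `data_stream_lifecycle` in the first hunk still only says to tie it to the cluster default, so it is unclear which setting is authoritative. I would expand that comment, for example `# DLM retention default (was 7d); size disk for 90 days of data or lower this per stream`, and check whether the per-stream copies could inherit the global value instead.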
@@ -1079,7 +1079,7 @@ elasticsearch:
 so-logs:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - so-data-streams-mappings
@@ -1161,7 +1161,7 @@ elasticsearch:
 so-logs-detections_x_alerts:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - so-data-streams-mappings
@@ -1226,7 +1226,7 @@ elasticsearch:
 so-logs-elastic_agent:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - event-mappings
@@ -1343,7 +1343,7 @@ elasticsearch:
 so-elastic-agent-monitor:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - event-mappings
@@ -1407,7 +1407,7 @@ elasticsearch:
 so-logs-elastic_agent_x_apm_server:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-elastic_agent.apm_server@package
@@ -1473,7 +1473,7 @@ elasticsearch:
 so-logs-elastic_agent_x_auditbeat:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-elastic_agent.auditbeat@package
@@ -1539,7 +1539,7 @@ elasticsearch:
 so-logs-elastic_agent_x_cloudbeat:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-elastic_agent.cloudbeat@package
@@ -1605,7 +1605,7 @@ elasticsearch:
 so-logs-elastic_agent_x_endpoint_security:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - event-mappings
@@ -1666,7 +1666,7 @@ elasticsearch:
 so-logs-elastic_agent_x_filebeat:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - event-mappings
@@ -1727,7 +1727,7 @@ elasticsearch:
 so-logs-elastic_agent_x_fleet_server:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - event-mappings
@@ -1785,7 +1785,7 @@ elasticsearch:
 so-logs-elastic_agent_x_heartbeat:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-elastic_agent.heartbeat@package
@@ -1851,7 +1851,7 @@ elasticsearch:
 so-logs-elastic_agent_x_metricbeat:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - event-mappings
@@ -1912,7 +1912,7 @@ elasticsearch:
 so-logs-elastic_agent_x_osquerybeat:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - event-mappings
@@ -1973,7 +1973,7 @@ elasticsearch:
 so-logs-elastic_agent_x_packetbeat:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-elastic_agent.packetbeat@package
@@ -2039,7 +2039,7 @@ elasticsearch:
 so-logs-elasticsearch_x_server:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-elasticsearch.server@package
@@ -2105,7 +2105,7 @@ elasticsearch:
 so-logs-endpoint_x_actions:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - .logs-endpoint.actions@package
@@ -2166,7 +2166,7 @@ elasticsearch:
 so-logs-endpoint_x_action_x_responses:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - .logs-endpoint.action.responses@package
@@ -2227,7 +2227,7 @@ elasticsearch:
 so-logs-endpoint_x_alerts:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-endpoint.alerts@package
@@ -2288,7 +2288,7 @@ elasticsearch:
 so-logs-endpoint_x_diagnostic_x_collection:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - .logs-endpoint.diagnostic.collection@package
@@ -2365,7 +2365,7 @@ elasticsearch:
 so-logs-endpoint_x_events_x_api:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-endpoint.events.api@package
@@ -2426,7 +2426,7 @@ elasticsearch:
 so-logs-endpoint_x_events_x_file:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-endpoint.events.file@package
@@ -2487,7 +2487,7 @@ elasticsearch:
 so-logs-endpoint_x_events_x_library:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-endpoint.events.library@package
@@ -2548,7 +2548,7 @@ elasticsearch:
 so-logs-endpoint_x_events_x_network:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-endpoint.events.network@package
@@ -2609,7 +2609,7 @@ elasticsearch:
 so-logs-endpoint_x_events_x_process:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-endpoint.events.process@package
@@ -2670,7 +2670,7 @@ elasticsearch:
 so-logs-endpoint_x_events_x_registry:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-endpoint.events.registry@package
@@ -2731,7 +2731,7 @@ elasticsearch:
 so-logs-endpoint_x_events_x_security:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-endpoint.events.security@package
@@ -2792,7 +2792,7 @@ elasticsearch:
 so-logs-endpoint_x_heartbeat:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - .logs-endpoint.heartbeat@package
@@ -2853,7 +2853,7 @@ elasticsearch:
 so-logs-http_endpoint_x_generic:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-http_endpoint.generic@package
@@ -2903,7 +2903,7 @@ elasticsearch:
 so-logs-httpjson_x_generic:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-httpjson.generic@package
@@ -2970,7 +2970,7 @@ elasticsearch:
 so-logs-osquery-manager_x_action_x_responses:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 _meta:
 managed: true
@@ -3043,7 +3043,7 @@ elasticsearch:
 so-logs-osquery-manager_x_result:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 _meta:
 managed: true
@@ -3097,7 +3097,7 @@ elasticsearch:
 so-logs-soc:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings
@@ -3207,7 +3207,7 @@ elasticsearch:
 so-logs-system_x_application:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - event-mappings
@@ -3258,7 +3258,7 @@ elasticsearch:
 so-logs-system_x_auth:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - event-mappings
@@ -3309,7 +3309,7 @@ elasticsearch:
 so-logs-system_x_security:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - event-mappings
@@ -3360,7 +3360,7 @@ elasticsearch:
 so-logs-system_x_syslog:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - event-mappings
@@ -3411,7 +3411,7 @@ elasticsearch:
 so-logs-system_x_system:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - event-mappings
@@ -3462,7 +3462,7 @@ elasticsearch:
 so-logs-windows_x_forwarded:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-windows.forwarded@package
@@ -3511,7 +3511,7 @@ elasticsearch:
 so-logs-windows_x_powershell:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-windows.powershell@package
@@ -3560,7 +3560,7 @@ elasticsearch:
 so-logs-windows_x_powershell_operational:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-windows.powershell_operational@package
@@ -3609,7 +3609,7 @@ elasticsearch:
 so-logs-windows_x_sysmon_operational:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-windows.sysmon_operational@package
@@ -3658,7 +3658,7 @@ elasticsearch:
 so-logs-winlog_x_winlog:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - logs-winlog.winlog@package
@@ -3708,7 +3708,7 @@ elasticsearch:
 so-logstash:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings
@@ -3825,7 +3825,7 @@ elasticsearch:
 so-metrics-endpoint_x_metadata:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - metrics-endpoint.metadata@package
@@ -3874,7 +3874,7 @@ elasticsearch:
 so-metrics-endpoint_x_metrics:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - metrics-endpoint.metrics@package
@@ -3923,7 +3923,7 @@ elasticsearch:
 so-metrics-endpoint_x_policy:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - metrics-endpoint.policy@package
@@ -3972,7 +3972,7 @@ elasticsearch:
 so-metrics-fleet_server_x_agent_status:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - metrics@tsdb-settings
@@ -3998,7 +3998,7 @@ elasticsearch:
 so-metrics-fleet_server_x_agent_versions:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - metrics@tsdb-settings
@@ -4024,7 +4024,7 @@ elasticsearch:
 so-redis:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings
@@ -4141,7 +4141,7 @@ elasticsearch:
 so-strelka:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings
@@ -4260,7 +4260,7 @@ elasticsearch:
 so-suricata:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings
@@ -4378,7 +4378,7 @@ elasticsearch:
 so-suricata_x_alerts:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings
@@ -4496,7 +4496,7 @@ elasticsearch:
 so-syslog:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings
@@ -4614,7 +4614,7 @@ elasticsearch:
 so-zeek:
 index_sorting: false
 data_stream_lifecycle:
- data_retention: 7d
+ data_retention: 90d
 index_template:
 composed_of:
 - agent-mappings