From c880be8d45c5e09d8a27a8fb5990ee22650c0a37 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 21 Oct 2022 10:38:32 -0400 Subject: [PATCH] use curator defaults.yaml merged with pillar for actions --- salt/curator/files/action/so-aws-close.yml | 2 +- salt/curator/files/action/so-aws-delete.yml | 2 +- salt/curator/files/action/so-aws-warm.yml | 2 +- salt/curator/files/action/so-azure-close.yml | 2 +- salt/curator/files/action/so-azure-delete.yml | 2 +- salt/curator/files/action/so-azure-warm.yml | 2 +- salt/curator/files/action/so-barracuda-close.yml | 2 +- salt/curator/files/action/so-barracuda-delete.yml | 2 +- salt/curator/files/action/so-barracuda-warm.yml | 2 +- salt/curator/files/action/so-beats-close.yml | 2 +- salt/curator/files/action/so-beats-delete.yml | 2 +- salt/curator/files/action/so-beats-warm.yml | 2 +- salt/curator/files/action/so-bluecoat-close.yml | 2 +- salt/curator/files/action/so-bluecoat-delete.yml | 2 +- salt/curator/files/action/so-bluecoat-warm.yml | 2 +- salt/curator/files/action/so-cef-close.yml | 2 +- salt/curator/files/action/so-cef-delete.yml | 2 +- salt/curator/files/action/so-cef-warm.yml | 2 +- salt/curator/files/action/so-checkpoint-close.yml | 2 +- salt/curator/files/action/so-checkpoint-delete.yml | 2 +- salt/curator/files/action/so-checkpoint-warm.yml | 2 +- salt/curator/files/action/so-cisco-close.yml | 2 +- salt/curator/files/action/so-cisco-delete.yml | 2 +- salt/curator/files/action/so-cisco-warm.yml | 2 +- salt/curator/files/action/so-cyberark-close.yml | 2 +- salt/curator/files/action/so-cyberark-delete.yml | 2 +- salt/curator/files/action/so-cyberark-warm.yml | 2 +- salt/curator/files/action/so-cylance-close.yml | 2 +- salt/curator/files/action/so-cylance-delete.yml | 2 +- salt/curator/files/action/so-cylance-warm.yml | 2 +- salt/curator/files/action/so-elasticsearch-close.yml | 2 +- salt/curator/files/action/so-elasticsearch-delete.yml | 2 +- salt/curator/files/action/so-elasticsearch-warm.yml | 2 +- salt/curator/files/action/so-endgame-close.yml | 2 +- salt/curator/files/action/so-endgame-delete.yml | 2 +- salt/curator/files/action/so-endgame-warm.yml | 2 +- salt/curator/files/action/so-f5-close.yml | 2 +- salt/curator/files/action/so-f5-delete.yml | 2 +- salt/curator/files/action/so-f5-warm.yml | 2 +- salt/curator/files/action/so-firewall-close.yml | 2 +- salt/curator/files/action/so-firewall-delete.yml | 2 +- salt/curator/files/action/so-firewall-warm.yml | 2 +- salt/curator/files/action/so-fortinet-close.yml | 2 +- salt/curator/files/action/so-fortinet-delete.yml | 2 +- salt/curator/files/action/so-fortinet-warm.yml | 2 +- salt/curator/files/action/so-gcp-close.yml | 2 +- salt/curator/files/action/so-gcp-delete.yml | 2 +- salt/curator/files/action/so-gcp-warm.yml | 2 +- salt/curator/files/action/so-google_workspace-close.yml | 2 +- salt/curator/files/action/so-google_workspace-delete.yml | 2 +- salt/curator/files/action/so-google_workspace-warm.yml | 2 +- salt/curator/files/action/so-ids-close.yml | 2 +- salt/curator/files/action/so-ids-delete.yml | 2 +- salt/curator/files/action/so-ids-warm.yml | 2 +- salt/curator/files/action/so-imperva-close.yml | 2 +- salt/curator/files/action/so-imperva-delete.yml | 2 +- salt/curator/files/action/so-imperva-warm.yml | 2 +- salt/curator/files/action/so-import-close.yml | 2 +- salt/curator/files/action/so-import-delete.yml | 2 +- salt/curator/files/action/so-import-warm.yml | 2 +- salt/curator/files/action/so-infoblox-close.yml | 2 +- salt/curator/files/action/so-infoblox-delete.yml | 2 +- salt/curator/files/action/so-infoblox-warm.yml | 2 +- salt/curator/files/action/so-juniper-close.yml | 2 +- salt/curator/files/action/so-juniper-delete.yml | 2 +- salt/curator/files/action/so-juniper-warm.yml | 2 +- salt/curator/files/action/so-kibana-close.yml | 2 +- salt/curator/files/action/so-kibana-delete.yml | 2 +- salt/curator/files/action/so-kibana-warm.yml | 2 +- salt/curator/files/action/so-kratos-close.yml | 2 +- salt/curator/files/action/so-kratos-delete.yml | 2 +- salt/curator/files/action/so-kratos-warm.yml | 2 +- salt/curator/files/action/so-logstash-close.yml | 2 +- salt/curator/files/action/so-logstash-delete.yml | 2 +- salt/curator/files/action/so-logstash-warm.yml | 2 +- salt/curator/files/action/so-microsoft-close.yml | 2 +- salt/curator/files/action/so-microsoft-delete.yml | 2 +- salt/curator/files/action/so-microsoft-warm.yml | 2 +- salt/curator/files/action/so-misp-close.yml | 2 +- salt/curator/files/action/so-misp-delete.yml | 2 +- salt/curator/files/action/so-misp-warm.yml | 2 +- salt/curator/files/action/so-netflow-close.yml | 2 +- salt/curator/files/action/so-netflow-delete.yml | 2 +- salt/curator/files/action/so-netflow-warm.yml | 2 +- salt/curator/files/action/so-netscout-close.yml | 2 +- salt/curator/files/action/so-netscout-delete.yml | 2 +- salt/curator/files/action/so-netscout-warm.yml | 2 +- salt/curator/files/action/so-o365-close.yml | 2 +- salt/curator/files/action/so-o365-delete.yml | 2 +- salt/curator/files/action/so-o365-warm.yml | 2 +- salt/curator/files/action/so-okta-close.yml | 2 +- salt/curator/files/action/so-okta-warm.yml | 2 +- salt/curator/files/action/so-okta.delete.yml | 2 +- salt/curator/files/action/so-osquery-close.yml | 2 +- salt/curator/files/action/so-osquery-delete.yml | 2 +- salt/curator/files/action/so-osquery-warm.yml | 2 +- salt/curator/files/action/so-ossec-close.yml | 2 +- salt/curator/files/action/so-ossec-delete.yml | 2 +- salt/curator/files/action/so-ossec-warm.yml | 2 +- salt/curator/files/action/so-proofpoint-close.yml | 2 +- salt/curator/files/action/so-proofpoint-delete.yml | 2 +- salt/curator/files/action/so-proofpoint-warm.yml | 2 +- salt/curator/files/action/so-radware-close.yml | 2 +- salt/curator/files/action/so-radware-delete.yml | 2 +- salt/curator/files/action/so-radware-warm.yml | 2 +- salt/curator/files/action/so-redis-close.yml | 2 +- salt/curator/files/action/so-redis-delete.yml | 2 +- salt/curator/files/action/so-redis-warm.yml | 2 +- salt/curator/files/action/so-snort-close.yml | 2 +- salt/curator/files/action/so-snort-delete.yml | 2 +- salt/curator/files/action/so-snort-warm.yml | 2 +- salt/curator/files/action/so-snyk-close.yml | 2 +- salt/curator/files/action/so-snyk-delete.yml | 2 +- salt/curator/files/action/so-snyk-warm.yml | 2 +- salt/curator/files/action/so-sonicwall-close.yml | 2 +- salt/curator/files/action/so-sonicwall-delete.yml | 2 +- salt/curator/files/action/so-sonicwall-warm.yml | 2 +- salt/curator/files/action/so-sophos-close.yml | 2 +- salt/curator/files/action/so-sophos-delete.yml | 2 +- salt/curator/files/action/so-sophos-warm.yml | 2 +- salt/curator/files/action/so-strelka-close.yml | 2 +- salt/curator/files/action/so-strelka-delete.yml | 2 +- salt/curator/files/action/so-strelka-warm.yml | 2 +- salt/curator/files/action/so-syslog-close.yml | 2 +- salt/curator/files/action/so-syslog-delete.yml | 2 +- salt/curator/files/action/so-syslog-warm.yml | 2 +- salt/curator/files/action/so-tomcat-close.yml | 2 +- salt/curator/files/action/so-tomcat-delete.yml | 2 +- salt/curator/files/action/so-tomcat-warm.yml | 2 +- salt/curator/files/action/so-zeek-close.yml | 2 +- salt/curator/files/action/so-zeek-delete.yml | 2 +- salt/curator/files/action/so-zeek-warm.yml | 2 +- salt/curator/files/action/so-zscaler-close.yml | 2 +- salt/curator/files/action/so-zscaler-delete.yml | 2 +- salt/curator/files/action/so-zscaler-warm.yml | 2 +- salt/curator/init.sls | 4 ++++ salt/curator/map.jinja | 3 +++ salt/elasticsearch/defaults.yaml | 6 +++--- 138 files changed, 145 insertions(+), 138 deletions(-) diff --git a/salt/curator/files/action/so-aws-close.yml b/salt/curator/files/action/so-aws-close.yml index 568579d67..b7f386166 100644 --- a/salt/curator/files/action/so-aws-close.yml +++ b/salt/curator/files/action/so-aws-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-aws:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-aws.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-aws-delete.yml b/salt/curator/files/action/so-aws-delete.yml index b93f2b14d..880581a3d 100644 --- a/salt/curator/files/action/so-aws-delete.yml +++ b/salt/curator/files/action/so-aws-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-aws.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-aws-warm.yml b/salt/curator/files/action/so-aws-warm.yml index a4608f0bf..8f6366697 100644 --- a/salt/curator/files/action/so-aws-warm.yml +++ b/salt/curator/files/action/so-aws-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-aws.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-azure-close.yml b/salt/curator/files/action/so-azure-close.yml index a49825266..eaee00fa7 100644 --- a/salt/curator/files/action/so-azure-close.yml +++ b/salt/curator/files/action/so-azure-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-azure:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-azure.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-azure-delete.yml b/salt/curator/files/action/so-azure-delete.yml index 062388c0e..7027c8d15 100644 --- a/salt/curator/files/action/so-azure-delete.yml +++ b/salt/curator/files/action/so-azure-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-azure:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-azure.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-azure-warm.yml b/salt/curator/files/action/so-azure-warm.yml index aaac2fc03..79848d80e 100644 --- a/salt/curator/files/action/so-azure-warm.yml +++ b/salt/curator/files/action/so-azure-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-azure:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-azure.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-barracuda-close.yml b/salt/curator/files/action/so-barracuda-close.yml index 35032bc56..d4737612e 100644 --- a/salt/curator/files/action/so-barracuda-close.yml +++ b/salt/curator/files/action/so-barracuda-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-barracuda.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-barracuda-delete.yml b/salt/curator/files/action/so-barracuda-delete.yml index bf8e7638f..e7db59766 100644 --- a/salt/curator/files/action/so-barracuda-delete.yml +++ b/salt/curator/files/action/so-barracuda-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-barracuda.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-barracuda-warm.yml b/salt/curator/files/action/so-barracuda-warm.yml index d61cbce61..ebb4f943d 100644 --- a/salt/curator/files/action/so-barracuda-warm.yml +++ b/salt/curator/files/action/so-barracuda-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-barracuda.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-beats-close.yml b/salt/curator/files/action/so-beats-close.yml index bcd138c38..37bd2f762 100644 --- a/salt/curator/files/action/so-beats-close.yml +++ b/salt/curator/files/action/so-beats-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-beats:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-beats.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-beats-delete.yml b/salt/curator/files/action/so-beats-delete.yml index fa072c1e2..deb861f05 100644 --- a/salt/curator/files/action/so-beats-delete.yml +++ b/salt/curator/files/action/so-beats-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-beats:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-beats.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-beats-warm.yml b/salt/curator/files/action/so-beats-warm.yml index ae733ce3b..365a0a03b 100644 --- a/salt/curator/files/action/so-beats-warm.yml +++ b/salt/curator/files/action/so-beats-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-beats:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-beats.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-bluecoat-close.yml b/salt/curator/files/action/so-bluecoat-close.yml index 349a21a27..ab96964f0 100644 --- a/salt/curator/files/action/so-bluecoat-close.yml +++ b/salt/curator/files/action/so-bluecoat-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-bluecoat.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-bluecoat-delete.yml b/salt/curator/files/action/so-bluecoat-delete.yml index c2aad1419..8a496afe4 100644 --- a/salt/curator/files/action/so-bluecoat-delete.yml +++ b/salt/curator/files/action/so-bluecoat-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-bluecoat.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-bluecoat-warm.yml b/salt/curator/files/action/so-bluecoat-warm.yml index b50f0db0b..03966b053 100644 --- a/salt/curator/files/action/so-bluecoat-warm.yml +++ b/salt/curator/files/action/so-bluecoat-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-bluecoat.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-cef-close.yml b/salt/curator/files/action/so-cef-close.yml index 57bcb3a2a..093de32d2 100644 --- a/salt/curator/files/action/so-cef-close.yml +++ b/salt/curator/files/action/so-cef-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cef:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-cef.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-cef-delete.yml b/salt/curator/files/action/so-cef-delete.yml index 3bda2246f..372015d23 100644 --- a/salt/curator/files/action/so-cef-delete.yml +++ b/salt/curator/files/action/so-cef-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cef:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cef.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-cef-warm.yml b/salt/curator/files/action/so-cef-warm.yml index b2143c1ce..39ba1d574 100644 --- a/salt/curator/files/action/so-cef-warm.yml +++ b/salt/curator/files/action/so-cef-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cef:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cef.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-checkpoint-close.yml b/salt/curator/files/action/so-checkpoint-close.yml index 938eaf25f..a894bcbb5 100644 --- a/salt/curator/files/action/so-checkpoint-close.yml +++ b/salt/curator/files/action/so-checkpoint-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-checkpoint.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-checkpoint-delete.yml b/salt/curator/files/action/so-checkpoint-delete.yml index d0048162d..ebfcec86b 100644 --- a/salt/curator/files/action/so-checkpoint-delete.yml +++ b/salt/curator/files/action/so-checkpoint-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-checkpoint.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-checkpoint-warm.yml b/salt/curator/files/action/so-checkpoint-warm.yml index a66335593..73a012d99 100644 --- a/salt/curator/files/action/so-checkpoint-warm.yml +++ b/salt/curator/files/action/so-checkpoint-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-checkpoint.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-cisco-close.yml b/salt/curator/files/action/so-cisco-close.yml index a097e466d..06b6d9f4b 100644 --- a/salt/curator/files/action/so-cisco-close.yml +++ b/salt/curator/files/action/so-cisco-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cisco:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-cisco.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-cisco-delete.yml b/salt/curator/files/action/so-cisco-delete.yml index 0cb98a634..f057a1de0 100644 --- a/salt/curator/files/action/so-cisco-delete.yml +++ b/salt/curator/files/action/so-cisco-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cisco.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-cisco-warm.yml b/salt/curator/files/action/so-cisco-warm.yml index 5240f401b..9ca5812ad 100644 --- a/salt/curator/files/action/so-cisco-warm.yml +++ b/salt/curator/files/action/so-cisco-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cisco.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-cyberark-close.yml b/salt/curator/files/action/so-cyberark-close.yml index deb0dd869..56a769682 100644 --- a/salt/curator/files/action/so-cyberark-close.yml +++ b/salt/curator/files/action/so-cyberark-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-cyberark.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-cyberark-delete.yml b/salt/curator/files/action/so-cyberark-delete.yml index 1fbf83f44..51256ce58 100644 --- a/salt/curator/files/action/so-cyberark-delete.yml +++ b/salt/curator/files/action/so-cyberark-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cyberark.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-cyberark-warm.yml b/salt/curator/files/action/so-cyberark-warm.yml index 3e8ef7ec2..14fa3dff6 100644 --- a/salt/curator/files/action/so-cyberark-warm.yml +++ b/salt/curator/files/action/so-cyberark-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cyberark.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-cylance-close.yml b/salt/curator/files/action/so-cylance-close.yml index 064c5f02a..2368d37d7 100644 --- a/salt/curator/files/action/so-cylance-close.yml +++ b/salt/curator/files/action/so-cylance-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cylance:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-cylance.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-cylance-delete.yml b/salt/curator/files/action/so-cylance-delete.yml index 42df1877b..0676057d5 100644 --- a/salt/curator/files/action/so-cylance-delete.yml +++ b/salt/curator/files/action/so-cylance-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cylance.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-cylance-warm.yml b/salt/curator/files/action/so-cylance-warm.yml index 97e94c49e..6a0f7ca65 100644 --- a/salt/curator/files/action/so-cylance-warm.yml +++ b/salt/curator/files/action/so-cylance-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-cylance.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-elasticsearch-close.yml b/salt/curator/files/action/so-elasticsearch-close.yml index 517972ea6..25e6f0d10 100644 --- a/salt/curator/files/action/so-elasticsearch-close.yml +++ b/salt/curator/files/action/so-elasticsearch-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-elasticsearch.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-elasticsearch-delete.yml b/salt/curator/files/action/so-elasticsearch-delete.yml index 805d86c85..17ac1c77b 100644 --- a/salt/curator/files/action/so-elasticsearch-delete.yml +++ b/salt/curator/files/action/so-elasticsearch-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-elasticsearch.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-elasticsearch-warm.yml b/salt/curator/files/action/so-elasticsearch-warm.yml index dc844ccba..3d3f3cfa6 100644 --- a/salt/curator/files/action/so-elasticsearch-warm.yml +++ b/salt/curator/files/action/so-elasticsearch-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-elasticsearch.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-endgame-close.yml b/salt/curator/files/action/so-endgame-close.yml index 92de8afe8..a748838bf 100644 --- a/salt/curator/files/action/so-endgame-close.yml +++ b/salt/curator/files/action/so-endgame-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-endgame:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-endgame.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-endgame-delete.yml b/salt/curator/files/action/so-endgame-delete.yml index bd208da1d..efd43fc86 100644 --- a/salt/curator/files/action/so-endgame-delete.yml +++ b/salt/curator/files/action/so-endgame-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-endgame.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-endgame-warm.yml b/salt/curator/files/action/so-endgame-warm.yml index 5c9cd8268..f90fcacea 100644 --- a/salt/curator/files/action/so-endgame-warm.yml +++ b/salt/curator/files/action/so-endgame-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-endgame.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-f5-close.yml b/salt/curator/files/action/so-f5-close.yml index a7d3f14c7..ed9d2025d 100644 --- a/salt/curator/files/action/so-f5-close.yml +++ b/salt/curator/files/action/so-f5-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-f5:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-f5.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-f5-delete.yml b/salt/curator/files/action/so-f5-delete.yml index e696922e5..0679a50bb 100644 --- a/salt/curator/files/action/so-f5-delete.yml +++ b/salt/curator/files/action/so-f5-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-f5:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-f5.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-f5-warm.yml b/salt/curator/files/action/so-f5-warm.yml index ed3453321..51f430b88 100644 --- a/salt/curator/files/action/so-f5-warm.yml +++ b/salt/curator/files/action/so-f5-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-f5:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-f5.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-firewall-close.yml b/salt/curator/files/action/so-firewall-close.yml index dccf7068b..f153e0547 100644 --- a/salt/curator/files/action/so-firewall-close.yml +++ b/salt/curator/files/action/so-firewall-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-firewall:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-firewall.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-firewall-delete.yml b/salt/curator/files/action/so-firewall-delete.yml index fff3315b9..99046c6fe 100644 --- a/salt/curator/files/action/so-firewall-delete.yml +++ b/salt/curator/files/action/so-firewall-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-firewall.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-firewall-warm.yml b/salt/curator/files/action/so-firewall-warm.yml index a882f34ab..e68067d8a 100644 --- a/salt/curator/files/action/so-firewall-warm.yml +++ b/salt/curator/files/action/so-firewall-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-firewall.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-fortinet-close.yml b/salt/curator/files/action/so-fortinet-close.yml index 7218e83a2..e001efc6d 100644 --- a/salt/curator/files/action/so-fortinet-close.yml +++ b/salt/curator/files/action/so-fortinet-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-fortinet.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-fortinet-delete.yml b/salt/curator/files/action/so-fortinet-delete.yml index 707ef5da5..1299baf89 100644 --- a/salt/curator/files/action/so-fortinet-delete.yml +++ b/salt/curator/files/action/so-fortinet-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-fortinet.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-fortinet-warm.yml b/salt/curator/files/action/so-fortinet-warm.yml index 4b0959022..b419c073c 100644 --- a/salt/curator/files/action/so-fortinet-warm.yml +++ b/salt/curator/files/action/so-fortinet-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-fortinet.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-gcp-close.yml b/salt/curator/files/action/so-gcp-close.yml index 1541f9076..1dbd29d5c 100644 --- a/salt/curator/files/action/so-gcp-close.yml +++ b/salt/curator/files/action/so-gcp-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-gcp:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-gcp.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-gcp-delete.yml b/salt/curator/files/action/so-gcp-delete.yml index d7d463332..4486161a4 100644 --- a/salt/curator/files/action/so-gcp-delete.yml +++ b/salt/curator/files/action/so-gcp-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-gcp.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-gcp-warm.yml b/salt/curator/files/action/so-gcp-warm.yml index 52ec004f7..cf76c3ec6 100644 --- a/salt/curator/files/action/so-gcp-warm.yml +++ b/salt/curator/files/action/so-gcp-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-gcp.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-google_workspace-close.yml b/salt/curator/files/action/so-google_workspace-close.yml index 00b44e1e1..0de4162ab 100644 --- a/salt/curator/files/action/so-google_workspace-close.yml +++ b/salt/curator/files/action/so-google_workspace-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-google_workspace.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-google_workspace-delete.yml b/salt/curator/files/action/so-google_workspace-delete.yml index ca8a7571a..6ab479909 100644 --- a/salt/curator/files/action/so-google_workspace-delete.yml +++ b/salt/curator/files/action/so-google_workspace-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-google_workspace.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-google_workspace-warm.yml b/salt/curator/files/action/so-google_workspace-warm.yml index 94f9d8bd5..535095275 100644 --- a/salt/curator/files/action/so-google_workspace-warm.yml +++ b/salt/curator/files/action/so-google_workspace-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-google_workspace.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-ids-close.yml b/salt/curator/files/action/so-ids-close.yml index e7ea3f073..de1e601b9 100644 --- a/salt/curator/files/action/so-ids-close.yml +++ b/salt/curator/files/action/so-ids-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ids:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-ids.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-ids-delete.yml b/salt/curator/files/action/so-ids-delete.yml index f5748d08d..75419b365 100644 --- a/salt/curator/files/action/so-ids-delete.yml +++ b/salt/curator/files/action/so-ids-delete.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ids:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-ids.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-ids-warm.yml b/salt/curator/files/action/so-ids-warm.yml index e79621e72..c079b1932 100644 --- a/salt/curator/files/action/so-ids-warm.yml +++ b/salt/curator/files/action/so-ids-warm.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ids:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-ids.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-imperva-close.yml b/salt/curator/files/action/so-imperva-close.yml index 74b5c47e6..c219abc0b 100644 --- a/salt/curator/files/action/so-imperva-close.yml +++ b/salt/curator/files/action/so-imperva-close.yml @@ -4,7 +4,7 @@ # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-imperva:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-imperva.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-imperva-delete.yml b/salt/curator/files/action/so-imperva-delete.yml index 08e781e95..82307b7ca 100644 --- a/salt/curator/files/action/so-imperva-delete.yml +++ b/salt/curator/files/action/so-imperva-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-imperva.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-imperva-warm.yml b/salt/curator/files/action/so-imperva-warm.yml index 220ef1fe6..5586abac8 100644 --- a/salt/curator/files/action/so-imperva-warm.yml +++ b/salt/curator/files/action/so-imperva-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-imperva.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-import-close.yml b/salt/curator/files/action/so-import-close.yml index e851798e8..d6c4d768c 100644 --- a/salt/curator/files/action/so-import-close.yml +++ b/salt/curator/files/action/so-import-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-import:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-import.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-import-delete.yml b/salt/curator/files/action/so-import-delete.yml index a3ba76435..7be96b2d4 100644 --- a/salt/curator/files/action/so-import-delete.yml +++ b/salt/curator/files/action/so-import-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-import:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-import.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-import-warm.yml b/salt/curator/files/action/so-import-warm.yml index b29bfe96b..4d17d1811 100644 --- a/salt/curator/files/action/so-import-warm.yml +++ b/salt/curator/files/action/so-import-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-import:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-import.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-infoblox-close.yml b/salt/curator/files/action/so-infoblox-close.yml index 8c50d291f..d5a68bedc 100644 --- a/salt/curator/files/action/so-infoblox-close.yml +++ b/salt/curator/files/action/so-infoblox-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-infoblox.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-infoblox-delete.yml b/salt/curator/files/action/so-infoblox-delete.yml index e231af0b5..2d9064c9b 100644 --- a/salt/curator/files/action/so-infoblox-delete.yml +++ b/salt/curator/files/action/so-infoblox-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-infoblox.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-infoblox-warm.yml b/salt/curator/files/action/so-infoblox-warm.yml index 712a96c6b..86b2e0c52 100644 --- a/salt/curator/files/action/so-infoblox-warm.yml +++ b/salt/curator/files/action/so-infoblox-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-infoblox.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-juniper-close.yml b/salt/curator/files/action/so-juniper-close.yml index 266e884df..268982cd5 100644 --- a/salt/curator/files/action/so-juniper-close.yml +++ b/salt/curator/files/action/so-juniper-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-juniper:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-juniper.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-juniper-delete.yml b/salt/curator/files/action/so-juniper-delete.yml index bbe59cf5e..0f00e0fd1 100644 --- a/salt/curator/files/action/so-juniper-delete.yml +++ b/salt/curator/files/action/so-juniper-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-juniper:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-juniper.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-juniper-warm.yml b/salt/curator/files/action/so-juniper-warm.yml index a4608f0bf..8f6366697 100644 --- a/salt/curator/files/action/so-juniper-warm.yml +++ b/salt/curator/files/action/so-juniper-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-aws.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-kibana-close.yml b/salt/curator/files/action/so-kibana-close.yml index 47bc752df..04b4fbf66 100644 --- a/salt/curator/files/action/so-kibana-close.yml +++ b/salt/curator/files/action/so-kibana-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-kibana:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-kibana.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-kibana-delete.yml b/salt/curator/files/action/so-kibana-delete.yml index c1da5997c..661932445 100644 --- a/salt/curator/files/action/so-kibana-delete.yml +++ b/salt/curator/files/action/so-kibana-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-kibana.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-kibana-warm.yml b/salt/curator/files/action/so-kibana-warm.yml index d1c2f55eb..e224fe5b1 100644 --- a/salt/curator/files/action/so-kibana-warm.yml +++ b/salt/curator/files/action/so-kibana-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-kibana.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-kratos-close.yml b/salt/curator/files/action/so-kratos-close.yml index b12bec607..161184416 100644 --- a/salt/curator/files/action/so-kratos-close.yml +++ b/salt/curator/files/action/so-kratos-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-kratos:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-kratos.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-kratos-delete.yml b/salt/curator/files/action/so-kratos-delete.yml index 86d457d32..96153e194 100644 --- a/salt/curator/files/action/so-kratos-delete.yml +++ b/salt/curator/files/action/so-kratos-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kratos:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-kratos.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-kratos-warm.yml b/salt/curator/files/action/so-kratos-warm.yml index 509792f4c..360cc1b7f 100644 --- a/salt/curator/files/action/so-kratos-warm.yml +++ b/salt/curator/files/action/so-kratos-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kratos:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-kratos.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-logstash-close.yml b/salt/curator/files/action/so-logstash-close.yml index e91ce0fd9..157053e71 100644 --- a/salt/curator/files/action/so-logstash-close.yml +++ b/salt/curator/files/action/so-logstash-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-logstash:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-logstash.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-logstash-delete.yml b/salt/curator/files/action/so-logstash-delete.yml index 3aa73874d..ef3934e0f 100644 --- a/salt/curator/files/action/so-logstash-delete.yml +++ b/salt/curator/files/action/so-logstash-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-logstash.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-logstash-warm.yml b/salt/curator/files/action/so-logstash-warm.yml index 8865026b0..141cf70ed 100644 --- a/salt/curator/files/action/so-logstash-warm.yml +++ b/salt/curator/files/action/so-logstash-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-logstash.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-microsoft-close.yml b/salt/curator/files/action/so-microsoft-close.yml index 0401883f0..77bd0492d 100644 --- a/salt/curator/files/action/so-microsoft-close.yml +++ b/salt/curator/files/action/so-microsoft-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-microsoft.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-microsoft-delete.yml b/salt/curator/files/action/so-microsoft-delete.yml index 35aa95173..ccea10afd 100644 --- a/salt/curator/files/action/so-microsoft-delete.yml +++ b/salt/curator/files/action/so-microsoft-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-microsoft.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-microsoft-warm.yml b/salt/curator/files/action/so-microsoft-warm.yml index f702bbbe9..76cd09f1e 100644 --- a/salt/curator/files/action/so-microsoft-warm.yml +++ b/salt/curator/files/action/so-microsoft-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-microsoft.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-misp-close.yml b/salt/curator/files/action/so-misp-close.yml index c32b3992a..396f10b1e 100644 --- a/salt/curator/files/action/so-misp-close.yml +++ b/salt/curator/files/action/so-misp-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-misp:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-misp.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-misp-delete.yml b/salt/curator/files/action/so-misp-delete.yml index 7e432c969..f3c3c5932 100644 --- a/salt/curator/files/action/so-misp-delete.yml +++ b/salt/curator/files/action/so-misp-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-misp:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-misp.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-misp-warm.yml b/salt/curator/files/action/so-misp-warm.yml index be0447c7e..5986e1f11 100644 --- a/salt/curator/files/action/so-misp-warm.yml +++ b/salt/curator/files/action/so-misp-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-misp:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-misp.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-netflow-close.yml b/salt/curator/files/action/so-netflow-close.yml index 1069aebb4..2c32d9d32 100644 --- a/salt/curator/files/action/so-netflow-close.yml +++ b/salt/curator/files/action/so-netflow-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-netflow:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-netflow.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-netflow-delete.yml b/salt/curator/files/action/so-netflow-delete.yml index f697daf33..f2cf3aec6 100644 --- a/salt/curator/files/action/so-netflow-delete.yml +++ b/salt/curator/files/action/so-netflow-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-netflow.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-netflow-warm.yml b/salt/curator/files/action/so-netflow-warm.yml index 4d0dcf1ff..974629e85 100644 --- a/salt/curator/files/action/so-netflow-warm.yml +++ b/salt/curator/files/action/so-netflow-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-netflow.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-netscout-close.yml b/salt/curator/files/action/so-netscout-close.yml index d5ebfe41d..ebc56788f 100644 --- a/salt/curator/files/action/so-netscout-close.yml +++ b/salt/curator/files/action/so-netscout-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-netscout:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-netscout.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-netscout-delete.yml b/salt/curator/files/action/so-netscout-delete.yml index 46ea94c76..3d359e7c6 100644 --- a/salt/curator/files/action/so-netscout-delete.yml +++ b/salt/curator/files/action/so-netscout-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-netscout.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-netscout-warm.yml b/salt/curator/files/action/so-netscout-warm.yml index 9b568ca36..76170ddb7 100644 --- a/salt/curator/files/action/so-netscout-warm.yml +++ b/salt/curator/files/action/so-netscout-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-netscout.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-o365-close.yml b/salt/curator/files/action/so-o365-close.yml index db0202e07..56ea536d2 100644 --- a/salt/curator/files/action/so-o365-close.yml +++ b/salt/curator/files/action/so-o365-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-o365:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-o365.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-o365-delete.yml b/salt/curator/files/action/so-o365-delete.yml index 350808e3d..9decade30 100644 --- a/salt/curator/files/action/so-o365-delete.yml +++ b/salt/curator/files/action/so-o365-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-o365:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-o365.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-o365-warm.yml b/salt/curator/files/action/so-o365-warm.yml index 60f9b7364..9d06cc41d 100644 --- a/salt/curator/files/action/so-o365-warm.yml +++ b/salt/curator/files/action/so-o365-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-o365:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-o365.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-okta-close.yml b/salt/curator/files/action/so-okta-close.yml index ddbb4852f..40190d55a 100644 --- a/salt/curator/files/action/so-okta-close.yml +++ b/salt/curator/files/action/so-okta-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-okta:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-okta.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-okta-warm.yml b/salt/curator/files/action/so-okta-warm.yml index 31d2bcf41..2b4cae686 100644 --- a/salt/curator/files/action/so-okta-warm.yml +++ b/salt/curator/files/action/so-okta-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-okta:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-okta.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-okta.delete.yml b/salt/curator/files/action/so-okta.delete.yml index 358c387d5..b20cd08ba 100644 --- a/salt/curator/files/action/so-okta.delete.yml +++ b/salt/curator/files/action/so-okta.delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-okta:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-okta.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-osquery-close.yml b/salt/curator/files/action/so-osquery-close.yml index b19f1c26d..94b9bd038 100644 --- a/salt/curator/files/action/so-osquery-close.yml +++ b/salt/curator/files/action/so-osquery-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-osquery:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-osquery.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-osquery-delete.yml b/salt/curator/files/action/so-osquery-delete.yml index 468ab5715..9cac814ea 100644 --- a/salt/curator/files/action/so-osquery-delete.yml +++ b/salt/curator/files/action/so-osquery-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-osquery.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-osquery-warm.yml b/salt/curator/files/action/so-osquery-warm.yml index 24cc30848..ffc9ffbe5 100644 --- a/salt/curator/files/action/so-osquery-warm.yml +++ b/salt/curator/files/action/so-osquery-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-osquery.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-ossec-close.yml b/salt/curator/files/action/so-ossec-close.yml index bd4c3bea0..68bae31bb 100644 --- a/salt/curator/files/action/so-ossec-close.yml +++ b/salt/curator/files/action/so-ossec-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ossec:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-ossec.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-ossec-delete.yml b/salt/curator/files/action/so-ossec-delete.yml index 4149fd767..9b0570eb3 100644 --- a/salt/curator/files/action/so-ossec-delete.yml +++ b/salt/curator/files/action/so-ossec-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-ossec.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-ossec-warm.yml b/salt/curator/files/action/so-ossec-warm.yml index 6913aa06b..f54f7384f 100644 --- a/salt/curator/files/action/so-ossec-warm.yml +++ b/salt/curator/files/action/so-ossec-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-ossec.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-proofpoint-close.yml b/salt/curator/files/action/so-proofpoint-close.yml index 89bb191d4..b142db9cf 100644 --- a/salt/curator/files/action/so-proofpoint-close.yml +++ b/salt/curator/files/action/so-proofpoint-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-proofpoint.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-proofpoint-delete.yml b/salt/curator/files/action/so-proofpoint-delete.yml index aad867ddd..33a32df1b 100644 --- a/salt/curator/files/action/so-proofpoint-delete.yml +++ b/salt/curator/files/action/so-proofpoint-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-proofpoint.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-proofpoint-warm.yml b/salt/curator/files/action/so-proofpoint-warm.yml index fd686d728..2ef035564 100644 --- a/salt/curator/files/action/so-proofpoint-warm.yml +++ b/salt/curator/files/action/so-proofpoint-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-proofpoint.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-radware-close.yml b/salt/curator/files/action/so-radware-close.yml index dacd1d369..6d75da94a 100644 --- a/salt/curator/files/action/so-radware-close.yml +++ b/salt/curator/files/action/so-radware-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-radware:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-radware.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-radware-delete.yml b/salt/curator/files/action/so-radware-delete.yml index 5793adbe9..a55a9589c 100644 --- a/salt/curator/files/action/so-radware-delete.yml +++ b/salt/curator/files/action/so-radware-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-radware:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-radware.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-radware-warm.yml b/salt/curator/files/action/so-radware-warm.yml index 29859a96a..cb414cbac 100644 --- a/salt/curator/files/action/so-radware-warm.yml +++ b/salt/curator/files/action/so-radware-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-radware:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-radware.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-redis-close.yml b/salt/curator/files/action/so-redis-close.yml index bca8129fc..bb645a1bf 100644 --- a/salt/curator/files/action/so-redis-close.yml +++ b/salt/curator/files/action/so-redis-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-redis:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-redis.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-redis-delete.yml b/salt/curator/files/action/so-redis-delete.yml index 47af44653..eca656080 100644 --- a/salt/curator/files/action/so-redis-delete.yml +++ b/salt/curator/files/action/so-redis-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-redis:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-redis.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-redis-warm.yml b/salt/curator/files/action/so-redis-warm.yml index 38d0ee577..c4df91472 100644 --- a/salt/curator/files/action/so-redis-warm.yml +++ b/salt/curator/files/action/so-redis-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-redis:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-redis.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-snort-close.yml b/salt/curator/files/action/so-snort-close.yml index 7555db52b..5f1b9ca5b 100644 --- a/salt/curator/files/action/so-snort-close.yml +++ b/salt/curator/files/action/so-snort-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-snort:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-snort.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-snort-delete.yml b/salt/curator/files/action/so-snort-delete.yml index 5c70a08fa..e8996b925 100644 --- a/salt/curator/files/action/so-snort-delete.yml +++ b/salt/curator/files/action/so-snort-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snort:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-snort.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-snort-warm.yml b/salt/curator/files/action/so-snort-warm.yml index 2c95ad699..83dcc886c 100644 --- a/salt/curator/files/action/so-snort-warm.yml +++ b/salt/curator/files/action/so-snort-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snort:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-snort.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-snyk-close.yml b/salt/curator/files/action/so-snyk-close.yml index cda27ffcf..6d36d7fa3 100644 --- a/salt/curator/files/action/so-snyk-close.yml +++ b/salt/curator/files/action/so-snyk-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-snyk:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-snyk.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-snyk-delete.yml b/salt/curator/files/action/so-snyk-delete.yml index b3e306bcd..fd6ca2327 100644 --- a/salt/curator/files/action/so-snyk-delete.yml +++ b/salt/curator/files/action/so-snyk-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snyk:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-snyk.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-snyk-warm.yml b/salt/curator/files/action/so-snyk-warm.yml index 01394605d..481889e7d 100644 --- a/salt/curator/files/action/so-snyk-warm.yml +++ b/salt/curator/files/action/so-snyk-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snyk:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-snyk.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-sonicwall-close.yml b/salt/curator/files/action/so-sonicwall-close.yml index ad5520607..1d2a3f0cd 100644 --- a/salt/curator/files/action/so-sonicwall-close.yml +++ b/salt/curator/files/action/so-sonicwall-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-sonicwall.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-sonicwall-delete.yml b/salt/curator/files/action/so-sonicwall-delete.yml index efa598bdb..041ef66e0 100644 --- a/salt/curator/files/action/so-sonicwall-delete.yml +++ b/salt/curator/files/action/so-sonicwall-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-sonicwall.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-sonicwall-warm.yml b/salt/curator/files/action/so-sonicwall-warm.yml index 5d9cfbfc4..44e548c02 100644 --- a/salt/curator/files/action/so-sonicwall-warm.yml +++ b/salt/curator/files/action/so-sonicwall-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-sonicwall.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-sophos-close.yml b/salt/curator/files/action/so-sophos-close.yml index 0a4cd9c26..fd1cda641 100644 --- a/salt/curator/files/action/so-sophos-close.yml +++ b/salt/curator/files/action/so-sophos-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-sophos:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-sophos.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-sophos-delete.yml b/salt/curator/files/action/so-sophos-delete.yml index 0bcf922a6..43eceee9a 100644 --- a/salt/curator/files/action/so-sophos-delete.yml +++ b/salt/curator/files/action/so-sophos-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sophos:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-sophos.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-sophos-warm.yml b/salt/curator/files/action/so-sophos-warm.yml index 50874c8ae..8c427feb1 100644 --- a/salt/curator/files/action/so-sophos-warm.yml +++ b/salt/curator/files/action/so-sophos-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sophos:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-sophos.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-strelka-close.yml b/salt/curator/files/action/so-strelka-close.yml index 1af30fd6c..77478da98 100644 --- a/salt/curator/files/action/so-strelka-close.yml +++ b/salt/curator/files/action/so-strelka-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-strelka:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-strelka.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-strelka-delete.yml b/salt/curator/files/action/so-strelka-delete.yml index c48a80c92..251e51dd7 100644 --- a/salt/curator/files/action/so-strelka-delete.yml +++ b/salt/curator/files/action/so-strelka-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-strelka:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-strelka.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-strelka-warm.yml b/salt/curator/files/action/so-strelka-warm.yml index 641601e7a..42526b350 100644 --- a/salt/curator/files/action/so-strelka-warm.yml +++ b/salt/curator/files/action/so-strelka-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-strelka:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-strelka.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-syslog-close.yml b/salt/curator/files/action/so-syslog-close.yml index d04a7e1ac..821d384f1 100644 --- a/salt/curator/files/action/so-syslog-close.yml +++ b/salt/curator/files/action/so-syslog-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-syslog:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-syslog.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-syslog-delete.yml b/salt/curator/files/action/so-syslog-delete.yml index 5fa7878c8..00d7a3546 100644 --- a/salt/curator/files/action/so-syslog-delete.yml +++ b/salt/curator/files/action/so-syslog-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-syslog.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-syslog-warm.yml b/salt/curator/files/action/so-syslog-warm.yml index e94a1f118..90572f8e5 100644 --- a/salt/curator/files/action/so-syslog-warm.yml +++ b/salt/curator/files/action/so-syslog-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-syslog.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-tomcat-close.yml b/salt/curator/files/action/so-tomcat-close.yml index ac75659a3..922e35cba 100644 --- a/salt/curator/files/action/so-tomcat-close.yml +++ b/salt/curator/files/action/so-tomcat-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-tomcat.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-tomcat-delete.yml b/salt/curator/files/action/so-tomcat-delete.yml index cf68c0933..45e952424 100644 --- a/salt/curator/files/action/so-tomcat-delete.yml +++ b/salt/curator/files/action/so-tomcat-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-tomcat.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-tomcat-warm.yml b/salt/curator/files/action/so-tomcat-warm.yml index 0b2772d6c..3306e8107 100644 --- a/salt/curator/files/action/so-tomcat-warm.yml +++ b/salt/curator/files/action/so-tomcat-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-tomcat.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-zeek-close.yml b/salt/curator/files/action/so-zeek-close.yml index de18b146b..dcf151961 100644 --- a/salt/curator/files/action/so-zeek-close.yml +++ b/salt/curator/files/action/so-zeek-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-zeek:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-zeek.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-zeek-delete.yml b/salt/curator/files/action/so-zeek-delete.yml index bc902fd5c..799554af3 100644 --- a/salt/curator/files/action/so-zeek-delete.yml +++ b/salt/curator/files/action/so-zeek-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-zeek.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-zeek-warm.yml b/salt/curator/files/action/so-zeek-warm.yml index 490e21c12..244619ba7 100644 --- a/salt/curator/files/action/so-zeek-warm.yml +++ b/salt/curator/files/action/so-zeek-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-zeek.warm -%} actions: 1: action: allocation diff --git a/salt/curator/files/action/so-zscaler-close.yml b/salt/curator/files/action/so-zscaler-close.yml index ba1d36029..37c59ff18 100644 --- a/salt/curator/files/action/so-zscaler-close.yml +++ b/salt/curator/files/action/so-zscaler-close.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:close') -%} +{%- set cur_close_days = CURATORMERGED.elasticsearch.index_settings.so-zscaler.close -%} actions: 1: action: close diff --git a/salt/curator/files/action/so-zscaler-delete.yml b/salt/curator/files/action/so-zscaler-delete.yml index fe663ba3a..66fa8337e 100644 --- a/salt/curator/files/action/so-zscaler-delete.yml +++ b/salt/curator/files/action/so-zscaler-delete.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:delete') -%} +{%- set DELETE_DAYS = CURATORMERGED.elasticsearch.index_settings.so-zscaler.delete -%} actions: 1: action: delete_indices diff --git a/salt/curator/files/action/so-zscaler-warm.yml b/salt/curator/files/action/so-zscaler-warm.yml index c5d20b868..cdebe867a 100644 --- a/salt/curator/files/action/so-zscaler-warm.yml +++ b/salt/curator/files/action/so-zscaler-warm.yml @@ -3,7 +3,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:warm') -%} +{%- set WARM_DAYS = CURATORMERGED.elasticsearch.index_settings.so-zscaler.warm -%} actions: 1: action: allocation diff --git a/salt/curator/init.sls b/salt/curator/init.sls index 7c47c23d4..9671020e5 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -7,6 +7,7 @@ {% if sls in allowed_states %} {% from 'vars/globals.map.jinja' import GLOBALS %} {% from "curator/map.jinja" import CURATOROPTIONS %} +{% from "curator/map.jinja" import CURATORMERGED %} {% set REMOVECURATORCRON = False %} # Curator @@ -45,6 +46,9 @@ actionconfs: - user: 934 - group: 939 - template: jinja + - defaults: + CURATORMERGED: {{ CURATORMERGED }} + curconf: file.managed: diff --git a/salt/curator/map.jinja b/salt/curator/map.jinja index 1fcebf5ad..f049603d9 100644 --- a/salt/curator/map.jinja +++ b/salt/curator/map.jinja @@ -13,3 +13,6 @@ {% do CURATOROPTIONS.update({'start': True}) %} {% do CURATOROPTIONS.update({'status': 'running'}) %} {% endif %} + +{% import 'curator/defaults.yaml' as CURATORDEFAULTS %} +{% set CURATORMERGED = salt['pillar.get']('elasticsearch:index_settings', CURATORDEFAULTS, merge=true) %} diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml index 37eab28a0..f1a5a7dd5 100644 --- a/salt/elasticsearch/defaults.yaml +++ b/salt/elasticsearch/defaults.yaml @@ -9,9 +9,9 @@ elasticsearch: disk: threshold_enabled: true watermark: - low: 85% - high: 90% - flood_stage: 95% + low: 80% + high: 85% + flood_stage: 90% network: host: 0.0.0.0 path: