mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-21 08:23:08 +01:00
Add index management lifecycle policy defintion and reference in index template
This commit is contained in:
Wes
@@ -1430,6 +1430,8 @@ elasticsearch:
|
||||
date_detection: false
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-elasticsearch-logs
|
||||
mapping:
|
||||
total_fields:
|
||||
limit: 5000
|
||||
@@ -1498,6 +1500,25 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
priority: 500
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
min_age: 0ms
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 100
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
cold:
|
||||
min_age: 30d
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
delete:
|
||||
min_age: 365d
|
||||
actions:
|
||||
delete: {}
|
||||
so-endgame:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
@@ -2183,6 +2204,8 @@ elasticsearch:
|
||||
date_detection: false
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-suricata-logs
|
||||
mapping:
|
||||
total_fields:
|
||||
limit: 5000
|
||||
@@ -2251,6 +2274,25 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
priority: 500
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
min_age: 0ms
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 100
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
cold:
|
||||
min_age: 30d
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
delete:
|
||||
min_age: 365d
|
||||
actions:
|
||||
delete: {}
|
||||
so-imperva:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
@@ -2351,6 +2393,8 @@ elasticsearch:
|
||||
date_detection: false
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-import-logs
|
||||
mapping:
|
||||
total_fields:
|
||||
limit: 5000
|
||||
@@ -2419,6 +2463,25 @@ elasticsearch:
|
||||
- common-dynamic-mappings
|
||||
- winlog-mappings
|
||||
priority: 500
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
min_age: 0ms
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 100
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
cold:
|
||||
min_age: 30d
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
delete:
|
||||
min_age: 365d
|
||||
actions:
|
||||
delete: {}
|
||||
so-infoblox:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
@@ -2671,6 +2734,25 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
priority: 500
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
min_age: 0ms
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 100
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
cold:
|
||||
min_age: 30d
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
delete:
|
||||
min_age: 365d
|
||||
actions:
|
||||
delete: {}
|
||||
so-kratos:
|
||||
warm: 7
|
||||
close: 30
|
||||
@@ -2754,6 +2836,25 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
priority: 500
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
min_age: 0ms
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 100
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
cold:
|
||||
min_age: 30d
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
delete:
|
||||
min_age: 365d
|
||||
actions:
|
||||
delete: {}
|
||||
so-logstash:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
@@ -2770,6 +2871,8 @@ elasticsearch:
|
||||
date_detection: false
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-logstash-logs
|
||||
mapping:
|
||||
total_fields:
|
||||
limit: 5000
|
||||
@@ -2838,6 +2941,25 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
priority: 500
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
min_age: 0ms
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 100
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
cold:
|
||||
min_age: 30d
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
delete:
|
||||
min_age: 365d
|
||||
actions:
|
||||
delete: {}
|
||||
so-microsoft:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
@@ -3691,6 +3813,8 @@ elasticsearch:
|
||||
date_detection: false
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-redis-logs
|
||||
mapping:
|
||||
total_fields:
|
||||
limit: 5000
|
||||
@@ -3759,6 +3883,25 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
priority: 500
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
min_age: 0ms
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 100
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
cold:
|
||||
min_age: 30d
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
delete:
|
||||
min_age: 365d
|
||||
actions:
|
||||
delete: {}
|
||||
so-snort:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
@@ -4262,6 +4405,25 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
priority: 500
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
min_age: 0ms
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 100
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
cold:
|
||||
min_age: 30d
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
delete:
|
||||
min_age: 365d
|
||||
actions:
|
||||
delete: {}
|
||||
so-syslog:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
@@ -4347,6 +4509,25 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
priority: 500
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
min_age: 0ms
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 100
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
cold:
|
||||
min_age: 30d
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
delete:
|
||||
min_age: 365d
|
||||
actions:
|
||||
delete: {}
|
||||
so-tomcat:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
@@ -4447,6 +4628,8 @@ elasticsearch:
|
||||
date_detection: false
|
||||
settings:
|
||||
index:
|
||||
lifecycle:
|
||||
name: so-zeek-logs
|
||||
mapping:
|
||||
total_fields:
|
||||
limit: 5000
|
||||
@@ -4517,6 +4700,25 @@ elasticsearch:
|
||||
- common-settings
|
||||
- common-dynamic-mappings
|
||||
priority: 500
|
||||
policy:
|
||||
phases:
|
||||
hot:
|
||||
min_age: 0ms
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 100
|
||||
rollover:
|
||||
max_age: 30d
|
||||
max_primary_shard_size: 50gb
|
||||
cold:
|
||||
min_age: 30d
|
||||
actions:
|
||||
set_priority:
|
||||
priority: 0
|
||||
delete:
|
||||
min_age: 365d
|
||||
actions:
|
||||
delete: {}
|
||||
so-zscaler:
|
||||
index_sorting: False
|
||||
index_template:
|
||||
|
||||
Reference in New Issue
Block a user