From c9118699a99e4c459674fb16cee83235b2abfbe7 Mon Sep 17 00:00:00 2001
From: Wes
Date: Fri, 10 Feb 2023 15:10:30 +0000
Subject: [PATCH] Add index management lifecycle policy defintion and reference in index template
---
 salt/elasticsearch/defaults.yaml | 202 +++++++++++++++++++++++++++++++
 1 file changed, 202 insertions(+)
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 3d1182255..a0c431881 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -1430,6 +1430,8 @@ elasticsearch:
 date_detection: false
 settings:
 index:
+ lifecycle:
+ name: so-elasticsearch-logs
 mapping:
 total_fields:
 limit: 5000
@@ -1498,6 +1500,25 @@ elasticsearch:
 - common-settings
 - common-dynamic-mappings
 priority: 500
+ policy:
+ phases:
+ hot:
+ min_age: 0ms
+ actions:
+ set_priority:
+ priority: 100
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ cold:
+ min_age: 30d
+ actions:
+ set_priority:
+ priority: 0
+ delete:
+ min_age: 365d
+ actions:
+ delete: {}
 so-endgame:
 index_sorting: False
 index_template:
@@ -2183,6 +2204,8 @@ elasticsearch:
 date_detection: false
 settings:
 index:
+ lifecycle:
+ name: so-suricata-logs
 mapping:
 total_fields:
 limit: 5000
@@ -2251,6 +2274,25 @@ elasticsearch:
 - common-settings
 - common-dynamic-mappings
 priority: 500
+ policy:
+ phases:
+ hot:
+ min_age: 0ms
+ actions:
+ set_priority:
+ priority: 100
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ cold:
+ min_age: 30d
+ actions:
+ set_priority:
+ priority: 0
+ delete:
+ min_age: 365d
+ actions:
+ delete: {}
 so-imperva:
 index_sorting: False
 index_template:
@@ -2351,6 +2393,8 @@ elasticsearch:
 date_detection: false
 settings:
 index:
+ lifecycle:
+ name: so-import-logs
 mapping:
 total_fields:
 limit: 5000
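Review bot: The `rollover` action in the `so-elasticsearch-logs` policy needs either a data stream or an `index.lifecycle.rollover_alias` on the managed index, and the hunk at -1430 sets only `lifecycle.name` under `settings.index`. If the template is not a data-stream template (the rest of it is outside the hunk), ILM will stop at the rollover step with an error and the `cold` and `delete` phases will never run, so retention silently stops being enforced. Confirm which case applies and, for alias-based indices, add `rollover_alias: <write-alias placeholder>` next to `name`. The same applies to the `lifecycle.name` hunks at -2183, -2351, -2770, -3691 and -4447.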
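Review bot: `min_age` in the `cold` and `delete` phases added at -1498 is counted from rollover, not from index creation, so with `max_age: 30d` events can be about 60 days old before `cold` and about 395 days old before `delete: {}` removes them. For security telemetry that retention figure is usually a compliance number, so I would state it next to the value, e.g. `# counted from rollover; oldest events are ~395d old at deletion`. The delete phase also has no `wait_for_snapshot` action, so nothing here ties deletion to a completed backup; whether that is wanted as a default is worth an explicit decision. The identical block in the other nine `policy:` hunks carries the same point.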
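Review bot: The 19-line `policy:` block added at -2251 is identical to the one added at -1498, and it is repeated in eight more hunks (-2419 through -4517). Ten hand-maintained copies of a retention policy invite drift, where one index quietly keeps a shorter or longer `delete` age after a later edit. If the consuming Salt state allows it, define the default policy once and have each index reference or merge it, keeping per-index blocks only for real overrides.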
@@ -2419,6 +2463,25 @@ elasticsearch:
 - common-dynamic-mappings
 - winlog-mappings
 priority: 500
+ policy:
+ phases:
+ hot:
+ min_age: 0ms
+ actions:
+ set_priority:
+ priority: 100
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ cold:
+ min_age: 30d
+ actions:
+ set_priority:
+ priority: 0
+ delete:
+ min_age: 365d
+ actions:
+ delete: {}
 so-infoblox:
 index_sorting: False
 index_template:
@@ -2671,6 +2734,25 @@ elasticsearch:
 - common-settings
 - common-dynamic-mappings
 priority: 500
+ policy:
+ phases:
+ hot:
+ min_age: 0ms
+ actions:
+ set_priority:
+ priority: 100
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ cold:
+ min_age: 30d
+ actions:
+ set_priority:
+ priority: 0
+ delete:
+ min_age: 365d
+ actions:
+ delete: {}
 so-kratos:
 warm: 7
 close: 30
@@ -2754,6 +2836,25 @@ elasticsearch:
 - common-settings
 - common-dynamic-mappings
 priority: 500
+ policy:
+ phases:
+ hot:
+ min_age: 0ms
+ actions:
+ set_priority:
+ priority: 100
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ cold:
+ min_age: 30d
+ actions:
+ set_priority:
+ priority: 0
+ delete:
+ min_age: 365d
+ actions:
+ delete: {}
 so-logstash:
 index_sorting: False
 index_template:
@@ -2770,6 +2871,8 @@ elasticsearch:
 date_detection: false
 settings:
 index:
+ lifecycle:
+ name: so-logstash-logs
 mapping:
 total_fields:
 limit: 5000
@@ -2838,6 +2941,25 @@ elasticsearch:
 - common-settings
 - common-dynamic-mappings
 priority: 500
+ policy:
+ phases:
+ hot:
+ min_age: 0ms
+ actions:
+ set_priority:
+ priority: 100
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ cold:
+ min_age: 30d
+ actions:
+ set_priority:
+ priority: 0
+ delete:
+ min_age: 365d
+ actions:
+ delete: {}
 so-microsoft:
 index_sorting: False
 index_template:
@@ -3691,6 +3813,8 @@ elasticsearch:
 date_detection: false
 settings:
 index:
+ lifecycle:
+ name: so-redis-logs
 mapping:
 total_fields:
 limit: 5000
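Review bot: No hunk in this patch adds `index.lifecycle.name` to the template that the `policy:` block at -2671 belongs to (the index defined just before `so-kratos:`), unlike the six paired hunks such as -1430/-1498. Unless the reference already exists outside the hunk or the state injects it, the policy will be created but never attached, and these indices will neither roll over nor be deleted. The `policy:` hunks at -2754, -4262 and -4347 are in the same position. If the omission is deliberate, a comment such as `# policy defined but not yet attached to the template` would save the next reader the search.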
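Review bot: The index that the policy at -2754 is attached to looks like `so-kratos`, whose header in the trailing context of the previous hunk still carries `warm: 7` and `close: 30`. If those keys still drive an age-based job, two mechanisms will act on the same indices with different clocks (close at 30 days versus `cold` at 30 days after rollover and `delete` at 365 days). State which one is authoritative once ILM is attached, or remove the superseded keys in the same change. The start of the `so-kratos` block is outside this hunk, so the attribution is inferred from position.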
@@ -3759,6 +3883,25 @@ elasticsearch:
 - common-settings
 - common-dynamic-mappings
 priority: 500
+ policy:
+ phases:
+ hot:
+ min_age: 0ms
+ actions:
+ set_priority:
+ priority: 100
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ cold:
+ min_age: 30d
+ actions:
+ set_priority:
+ priority: 0
+ delete:
+ min_age: 365d
+ actions:
+ delete: {}
 so-snort:
 index_sorting: False
 index_template:
@@ -4262,6 +4405,25 @@ elasticsearch:
 - common-settings
 - common-dynamic-mappings
 priority: 500
+ policy:
+ phases:
+ hot:
+ min_age: 0ms
+ actions:
+ set_priority:
+ priority: 100
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ cold:
+ min_age: 30d
+ actions:
+ set_priority:
+ priority: 0
+ delete:
+ min_age: 365d
+ actions:
+ delete: {}
 so-syslog:
 index_sorting: False
 index_template:
@@ -4347,6 +4509,25 @@ elasticsearch:
 - common-settings
 - common-dynamic-mappings
 priority: 500
+ policy:
+ phases:
+ hot:
+ min_age: 0ms
+ actions:
+ set_priority:
+ priority: 100
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ cold:
+ min_age: 30d
+ actions:
+ set_priority:
+ priority: 0
+ delete:
+ min_age: 365d
+ actions:
+ delete: {}
 so-tomcat:
 index_sorting: False
 index_template:
@@ -4447,6 +4628,8 @@ elasticsearch:
 date_detection: false
 settings:
 index:
+ lifecycle:
+ name: so-zeek-logs
 mapping:
 total_fields:
 limit: 5000
@@ -4517,6 +4700,25 @@ elasticsearch:
 - common-settings
 - common-dynamic-mappings
 priority: 500
+ policy:
+ phases:
+ hot:
+ min_age: 0ms
+ actions:
+ set_priority:
+ priority: 100
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ cold:
+ min_age: 30d
+ actions:
+ set_priority:
+ priority: 0
+ delete:
+ min_age: 365d
+ actions:
+ delete: {}
 so-zscaler:
 index_sorting: False
 index_template: