CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-21 08:23:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add index management lifecycle policy defintion and reference in index template

Browse Source
This commit is contained in:
Wes
2023-02-10 15:10:30 +00:00
parent d17cf89c68
commit c9118699a9
1 changed files with 202 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

202
salt/elasticsearch/defaults.yaml
View File

@@ -1430,6 +1430,8 @@ elasticsearch:
date_detection: false date_detection: false
settings: settings:
index: index:
lifecycle:
name: so-elasticsearch-logs
mapping: mapping:
total_fields: total_fields:
limit: 5000 limit: 5000
@@ -1498,6 +1500,25 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
priority: 500 priority: 500
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
so-endgame: so-endgame:
index_sorting: False index_sorting: False
index_template: index_template:
@@ -2183,6 +2204,8 @@ elasticsearch:
date_detection: false date_detection: false
settings: settings:
index: index:
lifecycle:
name: so-suricata-logs
mapping: mapping:
total_fields: total_fields:
limit: 5000 limit: 5000
@@ -2251,6 +2274,25 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
priority: 500 priority: 500
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
so-imperva: so-imperva:
index_sorting: False index_sorting: False
index_template: index_template:
@@ -2351,6 +2393,8 @@ elasticsearch:
date_detection: false date_detection: false
settings: settings:
index: index:
lifecycle:
name: so-import-logs
mapping: mapping:
total_fields: total_fields:
limit: 5000 limit: 5000
@@ -2419,6 +2463,25 @@ elasticsearch:
- common-dynamic-mappings - common-dynamic-mappings
- winlog-mappings - winlog-mappings
priority: 500 priority: 500
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
so-infoblox: so-infoblox:
index_sorting: False index_sorting: False
index_template: index_template:
@@ -2671,6 +2734,25 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
priority: 500 priority: 500
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
so-kratos: so-kratos:
warm: 7 warm: 7
close: 30 close: 30
@@ -2754,6 +2836,25 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
priority: 500 priority: 500
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
so-logstash: so-logstash:
index_sorting: False index_sorting: False
index_template: index_template:
@@ -2770,6 +2871,8 @@ elasticsearch:
date_detection: false date_detection: false
settings: settings:
index: index:
lifecycle:
name: so-logstash-logs
mapping: mapping:
total_fields: total_fields:
limit: 5000 limit: 5000
@@ -2838,6 +2941,25 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
priority: 500 priority: 500
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
so-microsoft: so-microsoft:
index_sorting: False index_sorting: False
index_template: index_template:
@@ -3691,6 +3813,8 @@ elasticsearch:
date_detection: false date_detection: false
settings: settings:
index: index:
lifecycle:
name: so-redis-logs
mapping: mapping:
total_fields: total_fields:
limit: 5000 limit: 5000
@@ -3759,6 +3883,25 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
priority: 500 priority: 500
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
so-snort: so-snort:
index_sorting: False index_sorting: False
index_template: index_template:
@@ -4262,6 +4405,25 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
priority: 500 priority: 500
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
so-syslog: so-syslog:
index_sorting: False index_sorting: False
index_template: index_template:
@@ -4347,6 +4509,25 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
priority: 500 priority: 500
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
so-tomcat: so-tomcat:
index_sorting: False index_sorting: False
index_template: index_template:
@@ -4447,6 +4628,8 @@ elasticsearch:
date_detection: false date_detection: false
settings: settings:
index: index:
lifecycle:
name: so-zeek-logs
mapping: mapping:
total_fields: total_fields:
limit: 5000 limit: 5000
@@ -4517,6 +4700,25 @@ elasticsearch:
- common-settings - common-settings
- common-dynamic-mappings - common-dynamic-mappings
priority: 500 priority: 500
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
so-zscaler: so-zscaler:
index_sorting: False index_sorting: False
index_template: index_template: