From ca80548bf0ad6d9a62a9aa1be04698d748f4aa49 Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 13 Jan 2023 16:15:58 -0500 Subject: [PATCH] Remove so-ids since the data stream is now 'logs-suricata-*' --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index c4e7d48e0..d9c9bc2b2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1075,7 +1075,7 @@ elasticsearch_pillar() { " bool:"\ " max_clause_count: 3500"\ " index_settings:"\ > $elasticsearch_pillar_file - for INDEX in aws azure barracuda beats bluecoat cef checkpoint cisco cyberark cylance elasticsearch endgame f5 firewall fortinet gcp google_workspace ids imperva infoblox juniper kibana logstash microsoft misp netflow netscout o365 okta osquery proofpoint radware redis snort snyk sonicwall sophos strelka syslog tomcat zeek zscaler + for INDEX in aws azure barracuda beats bluecoat cef checkpoint cisco cyberark cylance elasticsearch endgame f5 firewall fortinet gcp google_workspace imperva infoblox juniper kibana logstash microsoft misp netflow netscout o365 okta osquery proofpoint radware redis snort snyk sonicwall sophos strelka syslog tomcat zeek zscaler do printf '%s\n'\ " so-$INDEX:"\
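Review bot: In the `for INDEX in ...` line of `elasticsearch_pillar()`, dropping `ids` only stops a `so-ids:` block from being written to `$elasticsearch_pillar_file` when the pillar is generated during setup. Nothing in this patch touches a pillar file that already contains `so-ids:`, so please confirm whether upgraded installs need a matching cleanup, or state in the commit message that a stale entry is harmless. The commit message would also benefit from saying where the index settings for `logs-suricata-*` are now defined, since this hunk only removes the old name. As a style point, the whole index list sits on one very long line, which makes a one-word removal hard to spot in review; listing the names one per line or in an array would make future changes easier to audit. The redirect in the context lines, `> $elasticsearch_pillar_file`, is unquoted and would be safer as `> "$elasticsearch_pillar_file"`.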