diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 588bf7cf2..4f4f5a295 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -296,7 +296,7 @@ elasticsearch:
 - "logs-elastic_agent.apm_server@custom"
 - "so-fleet_globals-1"
 - "so-fleet_agent_id_verification-1"
- priority: 200
+ priority: 501
 data_stream:
 hidden: false
 allow_custom_routing: false
@@ -350,7 +350,7 @@ elasticsearch:
 - "logs-elastic_agent.auditbeat@custom"
 - "so-fleet_globals-1"
 - "so-fleet_agent_id_verification-1"
- priority: 200
+ priority: 501
 data_stream:
 hidden: false
 allow_custom_routing: false
@@ -404,7 +404,7 @@ elasticsearch:
 - "logs-elastic_agent.cloudbeat@custom"
 - "so-fleet_globals-1"
 - "so-fleet_agent_id_verification-1"
- priority: 200
+ priority: 501
 policy:
 phases:
 hot:
@@ -455,7 +455,7 @@ elasticsearch:
 - "logs-elastic_agent.endpoint_security@custom"
 - "so-fleet_globals-1"
 - "so-fleet_agent_id_verification-1"
- priority: 200
+ priority: 501
 data_stream:
 hidden: false
 allow_custom_routing: false
@@ -498,13 +498,8 @@ elasticsearch:
 sort:
 field: "@timestamp"
 order: desc
- mappings:
- _meta:
- package:
- name: elastic_agent
- managed_by: security_onion
- managed: true
 composed_of:
+ - "event-mappings"
 - "logs-elastic_agent.filebeat@package"
 - "logs-elastic_agent.filebeat@custom"
 - "so-fleet_globals-1"
@@ -546,19 +541,11 @@ elasticsearch:
 settings:
 index:
 number_of_replicas: 0
- mapping:
- total_fields:
- limit: 5000
 sort:
 field: "@timestamp"
 order: desc
- mappings:
- _meta:
- package:
- name: elastic_agent
- managed_by: security_onion
- managed: true
 composed_of:
+ - "event-mappings"
 - "logs-elastic_agent.fleet_server@package"
 - "logs-elastic_agent.fleet_server@custom"
 - "so-fleet_globals-1"
@@ -617,7 +604,7 @@ elasticsearch:
 - "logs-elastic_agent.heartbeat@custom"
 - "so-fleet_globals-1"
 - "so-fleet_agent_id_verification-1"
- priority: 200
+ priority: 501
 policy:
 phases:
 hot:
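Review bot: The new `priority: 501` in the apm_server hunk (`@@ -296,7 +296,7 @@`), repeated in the auditbeat, cloudbeat, endpoint_security, heartbeat, logs-elastic_agent and metricbeat hunks, is a bare number with no record of why it has to sit just above 500. Elasticsearch applies the highest-priority index template among those whose patterns overlap, so this value decides whether these definitions or some other template for the same pattern govern mappings and settings for the agent data streams. A comment above the first occurrence would keep a later edit from lowering it, for example `# 501: must outrank every other index template matching this pattern`, with the wording adjusted to the actual reason. The template section starts and ends outside the hunk.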
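Review bot: The filebeat hunk (`@@ -498,13 +498,8 @@`) ends before any `priority` line, so this template's priority appears to be left unchanged, unlike the logs-elastic_agent and metricbeat hunks where the `composed_of` edit and the `priority` bump land together. The same holds for the fleet_server (`@@ -546,19 +541,11 @@`) and osquerybeat (`@@ -765,13 +748,8 @@`) hunks. If those three sections are still at `priority: 200`, the elastic_agent templates end up with mixed precedence, and the template that wins for those data streams is chosen differently from the rest. Please confirm they already carry 501, or add `priority: 501` there as well. The section continues outside the hunk.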
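Review bot: Dropping `mapping:` / `total_fields:` / `limit: 5000` in the fleet_server hunk (`@@ -546,19 +541,11 @@`) removes the only visible field-count ceiling for this template, in the same change that adds `event-mappings` to `composed_of`. Unless one of the composed component templates sets `index.mapping.total_fields.limit`, the index falls back to the Elasticsearch default of 1000. Documents that would push the mapping past that are rejected at index time, which surfaces as missing Fleet Server logs rather than as an error in this file. Either keep the explicit limit or state in the commit message which component template now carries it. Indentation is lost in this view, so the key's parent is inferred from the `settings:` / `index:` context lines.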
@@ -664,11 +651,12 @@ elasticsearch:
 managed_by: security_onion
 managed: true
 composed_of:
+ - "event-mappings"
 - "logs-elastic_agent@package"
 - "logs-elastic_agent@custom"
 - "so-fleet_globals-1"
 - "so-fleet_agent_id_verification-1"
- priority: 200
+ priority: 501
 data_stream:
 hidden: false
 allow_custom_routing: false
@@ -711,18 +699,13 @@ elasticsearch:
 sort:
 field: "@timestamp"
 order: desc
- mappings:
- _meta:
- package:
- name: elastic_agent
- managed_by: security_onion
- managed: true
 composed_of:
+ - "event-mappings"
 - "logs-elastic_agent.metricbeat@package"
 - "logs-elastic_agent.metricbeat@custom"
 - "so-fleet_globals-1"
 - "so-fleet_agent_id_verification-1"
- priority: 200
+ priority: 501
 data_stream:
 hidden: false
 allow_custom_routing: false
@@ -765,13 +748,8 @@ elasticsearch:
 sort:
 field: "@timestamp"
 order: desc
- mappings:
- _meta:
- package:
- name: elastic_agent
- managed_by: security_onion
- managed: true
 composed_of:
+ - "event-mappings"
 - "logs-elastic_agent.osquerybeat@package"
 - "logs-elastic_agent.osquerybeat@custom"
 - "so-fleet_globals-1"
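Review bot: The logs-elastic_agent hunk (`@@ -664,11 +651,12 @@`) adds `event-mappings` but keeps `managed_by: security_onion` and `managed: true` as context lines. The filebeat, fleet_server, metricbeat and osquerybeat hunks delete what looks like the same inline `mappings:` / `_meta:` block. If that block is being retired in favour of the component template, it should go here too; if it stays on purpose, a short comment such as `# _meta kept inline: <reason>` would explain the difference. Separately, later entries in `composed_of` override earlier ones, so listing `event-mappings` first lets `@package` and `@custom` win on conflicting fields, and a one-line comment saying this is intended would help. The section starts outside the hunk, so the parent of the kept lines is inferred.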