remove comments

2026-06-16 07:08:41 +02:00 · 2026-06-15 13:31:23 -05:00
parent c505160480
commit d10f21399c
3 changed files with 7 additions and 17 deletions
@@ -19,18 +19,9 @@ elasticsearch:
              flood_stage: 90%
              high: 85%
              low: 80%
-    # don't want to set retention here since it will make ES restart with every update +
-    #   potentially case where we could unintentially fall back to retention 7d and cause data loss
-    # data_streams:
-    #   lifecycle:
-    #     retention:
-    #       default: 7d
    indices:
      id_field_data:
        enabled: false
-    # index:
-      # lifecycle:
-        # prefer_ilm: true
    logger:
      org:
        elasticsearch:
@@ -73,7 +64,6 @@ elasticsearch:
            verification_mode: none
  index_settings:
    global_overrides:
-    # Tie this into cluster setting for data_streams.lifecycle.retention.default
      data_stream_lifecycle:
        data_retention: 90d
      index_template:
@@ -2110,6 +2100,7 @@ elasticsearch:
        composed_of:
        - .logs-endpoint.actions@package
        - .logs-endpoint.actions@custom
+        - endpoint@custom
        - event-mappings
        - so-fleet_integrations.ip_mappings-1
        - so-fleet_globals-1
@@ -2119,8 +2110,9 @@ elasticsearch:
          hidden: false
        ignore_missing_component_templates:
        - .logs-endpoint.actions@custom
+        - endpoint@custom
        index_patterns:
-        - logs-endpoint.actions-*
+        - .logs-endpoint.actions-*
        priority: 501
        template:
          settings:
@@ -2171,6 +2163,7 @@ elasticsearch:
        composed_of:
        - .logs-endpoint.action.responses@package
        - .logs-endpoint.action.responses@custom
+        - endpoint@custom
        - event-mappings
        - so-fleet_integrations.ip_mappings-1
        - so-fleet_globals-1
@@ -2180,14 +2173,15 @@ elasticsearch:
          hidden: false
        ignore_missing_component_templates:
        - .logs-endpoint.action.responses@custom
+        - endpoint@custom
        index_patterns:
-        - logs-endpoint.action.responses-*
+        - .logs-endpoint.action.responses-*
        priority: 501
        template:
          settings:
            index:
              lifecycle:
-                name: so-logs-endpoint.actions-logs
+                name: so-logs-endpoint.action.responses-logs
              mapping:
                total_fields:
                  limit: 5000
@@ -90,7 +90,6 @@ set_data_stream_lifecycle() {

    if ! output=$(so-elasticsearch-query "_data_stream/${data_stream}/_lifecycle" -XPUT -d "$body" --retry 3 --retry-delay 5 --fail); then
        echo "Failed to set data stream lifecycle for $data_stream."
-        echo "$output"
        return 1
    fi

@@ -113,7 +112,6 @@ disable_data_stream_lifecycle() {

    if ! output=$(so-elasticsearch-query "_data_stream/${data_stream}/_lifecycle" -XPUT -d "$body" --retry 3 --retry-delay 5 --fail); then
        echo "Failed to disable data stream lifecycle for $data_stream."
-        echo "$output"
        return 1
    fi

@@ -803,8 +803,6 @@ kibana_backport_streams_index_template() {
        return 0
    fi

-    ## NOTE: Should really add a check here for existing .kibana_streams index and then update its config in place
-
 }

 up_to_3.2.0() {