CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-11 19:52:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add index templates and lifecycle policies

Browse Source
This commit is contained in:
Wes
2024-05-31 17:46:19 +00:00
parent 37a928b065
commit f396247838
1 changed files with 72 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
salt/elasticsearch/defaults.yaml
View File

@@ -170,6 +170,78 @@ elasticsearch:
set_priority: set_priority:
priority: 50 priority: 50
min_age: 30d min_age: 30d
so-items:
index_sorting: false
index_template:
composed_of:
- so-items-mappings
index_patterns:
- .items-default-**
priority: 500
template:
mappings:
date_detection: false
settings:
index:
lifecycle:
name: so-items-logs
rollover_alias: ".items-default"
routing:
allocation:
include:
_tier_preference: "data_content"
mapping:
total_fields:
limit: 10000
number_of_replicas: 0
number_of_shards: 1
refresh_interval: 30s
sort:
field: '@timestamp'
order: desc
policy:
phases:
hot:
actions:
rollover:
max_size: 50gb
min_age: 0ms
so-lists:
index_sorting: false
index_template:
composed_of:
- so-lists-mappings
index_patterns:
- .lists-default-**
priority: 500
template:
mappings:
date_detection: false
settings:
index:
lifecycle:
name: so-lists-logs
rollover_alias: ".lists-default"
routing:
allocation:
include:
_tier_preference: "data_content"
mapping:
total_fields:
limit: 10000
number_of_replicas: 0
number_of_shards: 1
refresh_interval: 30s
sort:
field: '@timestamp'
order: desc
policy:
phases:
hot:
actions:
rollover:
max_size: 50gb
min_age: 0ms
so-case: so-case:
index_sorting: false index_sorting: false
index_template: index_template: