mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
32 lines
1.1 KiB
YAML
32 lines
1.1 KiB
YAML
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
|
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
|
# https://securityonion.net/license; you may not use this file except in compliance with the
|
|
# Elastic License 2.0.
|
|
|
|
{% import_yaml 'elasticsearch/defaults.yaml' as ELASTICDEFAULTS %}
|
|
{% set ELASTICMERGED = salt['pillar.get']('elasticsearch:retention', ELASTICDEFAULTS.elasticsearch.retention, merge=true) %}
|
|
|
|
{{ ELASTICMERGED.retention_pct }}
|
|
|
|
{%- set log_size_limit = salt['pillar.get']('elasticsearch:log_size_limit') %}
|
|
actions:
|
|
1:
|
|
action: delete_indices
|
|
description: >-
|
|
Delete indices when {{log_size_limit}}(GB) is exceeded.
|
|
options:
|
|
ignore_empty_list: True
|
|
disable_action: False
|
|
filters:
|
|
- filtertype: pattern
|
|
kind: regex
|
|
value: '^(logstash-.*|so-.*|.ds-logs-.*-so.*)$'
|
|
- filtertype: pattern
|
|
kind: regex
|
|
value: '^(so-case.*)$'
|
|
exclude: True
|
|
- filtertype: space
|
|
source: creation_date
|
|
use_age: True
|
|
disk_space: {{log_size_limit}}
|