mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
30 lines
891 B
YAML
30 lines
891 B
YAML
{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cylance:close', 30) -%}
|
|
---
|
|
# Remember, leave a key empty if there is no value. None will be a string,
|
|
# not a Python "NoneType"
|
|
#
|
|
# Also remember that all examples have 'disable_action' set to True. If you
|
|
# want to use this action as a template, be sure to set this to False after
|
|
# copying it.
|
|
actions:
|
|
1:
|
|
action: close
|
|
description: >-
|
|
Close cylance indices older than {{cur_close_days}} days.
|
|
options:
|
|
delete_aliases: False
|
|
timeout_override:
|
|
continue_if_exception: False
|
|
disable_action: False
|
|
filters:
|
|
- filtertype: pattern
|
|
kind: regex
|
|
value: '^(logstash-cylance.*|so-cylance.*)$'
|
|
- filtertype: age
|
|
source: name
|
|
direction: older
|
|
timestring: '%Y.%m.%d'
|
|
unit: days
|
|
unit_count: {{cur_close_days}}
|
|
exclude:
|