mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
29 lines
912 B
YAML
29 lines
912 B
YAML
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
|
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
|
# https://securityonion.net/license; you may not use this file except in compliance with the
|
|
# Elastic License 2.0.
|
|
|
|
{%- set cur_close_days = CURATORMERGED['so-strelka'].close %}
|
|
actions:
|
|
1:
|
|
action: close
|
|
description: >-
|
|
Close Strelka indices older than {{cur_close_days}} days.
|
|
options:
|
|
allow_ilm_indices: True
|
|
delete_aliases: False
|
|
timeout_override:
|
|
ignore_empty_list: True
|
|
disable_action: False
|
|
filters:
|
|
- filtertype: pattern
|
|
kind: regex
|
|
value: '^(logstash-strelka.*|so-strelka.*)$'
|
|
- filtertype: age
|
|
source: name
|
|
direction: older
|
|
timestring: '%Y.%m.%d'
|
|
unit: days
|
|
unit_count: {{cur_close_days}}
|
|
exclude:
|