securityonion/salt/elasticfleet/integration-defaults.yaml

so-logs-INTPLACEHOLDER_x_COMPLACEHOLDER:
  index_sorting: False
  index_template:
    composed_of:
      - "logs-INTPLACEHOLDER.COMPLACEHOLDER@package"
      - "logs-INTPLACEHOLDER.COMPLACEHOLDER@custom"
      - "so-fleet_globals-1"
      - "so-fleet_agent_id_verification-1"
    data_stream:
      hidden: false
      allow_custom_routing: false
    ignore_missing_COMPLACEHOLDER_templates:
      - "logs-INTPLACEHOLDER.COMPLACEHOLDER@custom"
    index_patterns:
      - "logs-INTPLACEHOLDER.COMPLACEHOLDER-*"
    priority: 501
    template:
      settings:
        index:
          lifecycle:
            name: "so-logs-INTPLACEHOLDER.COMPLACEHOLDER-logs"
          number_of_replicas: 0
  policy:
    phases:
      cold:
        actions:
          set_priority:
            priority: 0
        min_age: "60d"
      delete:
        actions:
          delete: {}
        min_age: "365d"
      hot:
        actions:
          rollover:
            max_age: "30d"
            max_primary_shard_size: "50gb"
          set_priority:
            priority: 100
        min_age: "0ms"
      warm:
        actions:
          set_priority:
            priority: 50
        min_age: "30d"