Merge pull request #11648 from Security-Onion-Solutions/fix/ilm_remov…

…e_policy Remove ILM policies for Cases and OSQuery manager indices
Security-Onion-Solutions · Oct 27, 2023 · 9a1e95c · 9a1e95c
2 parents d35483a + 76dd6f0
commit 9a1e95c
Showing 1 changed file with 0 additions and 78 deletions.
diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
@@ -108,8 +108,6 @@ elasticsearch:
                 match_mapping_type: string
           settings:
             index:
-              lifecycle:
-                name: so-case-logs
               mapping:
                 total_fields:
                   limit: 1500
@@ -119,30 +117,6 @@ elasticsearch:
               sort:
                 field: '@timestamp'
                 order: desc
-      policy:
-        phases:
-          cold:
-            actions:
-              set_priority:
-                priority: 0
-            min_age: 30d
-          delete:
-            actions:
-              delete: {}
-            min_age: 365d
-          hot:
-            actions:
-              rollover:
-                max_age: 30d
-                max_primary_shard_size: 50gb
-              set_priority:
-                priority: 100
-            min_age: 0ms
-          warm:
-            actions:
-              set_priority:
-                priority: 50
-            min_age: 30d
     so-common:
       close: 30
       delete: 365
@@ -6349,33 +6323,7 @@ elasticsearch:
         template:
           settings:
             index:
-              lifecycle:
-                name: so-logs-osquery-manager-action.responses-logs
               number_of_replicas: 0
-      policy:
-        phases:
-          cold:
-            actions:
-              set_priority:
-                priority: 0
-            min_age: 30d
-          delete:
-            actions:
-              delete: {}
-            min_age: 365d
-          hot:
-            actions:
-              rollover:
-                max_age: 30d
-                max_primary_shard_size: 50gb
-              set_priority:
-                priority: 100
-            min_age: 0ms
-          warm:
-            actions:
-              set_priority:
-                priority: 50
-            min_age: 30d
     so-logs-osquery-manager-actions:
       index_sorting: false
       index_template:
@@ -6392,33 +6340,7 @@ elasticsearch:
         template:
           settings:
             index:
-              lifecycle:
-                name: so-logs-osquery-manager-actions-logs
               number_of_replicas: 0
-      policy:
-        phases:
-          cold:
-            actions:
-              set_priority:
-                priority: 0
-            min_age: 30d
-          delete:
-            actions:
-              delete: {}
-            min_age: 365d
-          hot:
-            actions:
-              rollover:
-                max_age: 30d
-                max_primary_shard_size: 50gb
-              set_priority:
-                priority: 100
-            min_age: 0ms
-          warm:
-            actions:
-              set_priority:
-                priority: 50
-            min_age: 30d
     so-logs-panw_x_panos:
       index_sorting: false
       index_template: