Merge pull request #12450 from Security-Onion-Solutions/fix/suricata_max_age

Roll Suricata logs daily to prevent alerts from being deleted when not meeting size threshold

Author: weslambert

salt/elasticsearch/defaults.yaml

@@ -10597,7 +10597,7 @@ elasticsearch:
           hot:
             actions:
               rollover:
-                max_age: 30d
+                max_age: 1d
                 max_primary_shard_size: 50gb
               set_priority:
                 priority: 100