FIX: Change Elasticsearch min_age setting for cold phase #12890

Closed
dougburks opened this issue Apr 30, 2024 · 1 comment

dougburks commented Apr 30, 2024

Currently, our default for warm min_age is 30d and cold min_age is the same 30d:
https://github.com/Security-Onion-Solutions/securityonion/blob/2.4/dev/salt/elasticsearch/defaults.yaml#L149-L172

We should change the cold min_age to something else like 60d perhaps.

We should make this change in the global_overrides section and in each of the individual index sections.

We should also change the ex. 30d in the description at:
https://github.com/Security-Onion-Solutions/securityonion/blob/2.4/dev/salt/elasticsearch/soc_elasticsearch.yaml#L123
and
https://github.com/Security-Onion-Solutions/securityonion/blob/2.4/dev/salt/elasticsearch/soc_elasticsearch.yaml#L305
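An added example, not part of the issue or of the Security Onion code base: a small check that flags ILM phases whose `min_age` is not strictly greater than the preceding phase's, which is the warm/cold condition described above. The policy dictionaries are constructed samples in the Elasticsearch ILM `phases` layout; the function names are hypothetical.

```python
import re

# ILM phases in the order Elasticsearch moves an index through them.
PHASE_ORDER = ["hot", "warm", "cold", "frozen", "delete"]

# Elasticsearch time units, expressed in seconds.
_UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1,
                 "ms": 1e-3, "micros": 1e-6, "nanos": 1e-9}
_AGE_RE = re.compile(r"^(\d+)(d|h|m|s|ms|micros|nanos)$")


def parse_min_age(value):
    """Convert an ILM min_age string such as '30d' to seconds."""
    match = _AGE_RE.match(str(value).strip())
    if not match:
        raise ValueError(f"unrecognised min_age value: {value!r}")
    return int(match.group(1)) * _UNIT_SECONDS[match.group(2)]


def find_phase_overlaps(phases):
    """Return (earlier, later, min_age) for every configured phase whose
    min_age is not strictly greater than that of the phase before it."""
    findings = []
    previous = None
    for name in PHASE_ORDER:
        if name not in phases:
            continue
        raw = phases[name].get("min_age", "0ms")  # ILM default when unset
        age = parse_min_age(raw)
        if previous is not None and age <= previous[1]:
            findings.append((previous[0], name, raw))
        previous = (name, age)
    return findings


# Constructed sample with the values quoted in the issue (warm 30d, cold 30d).
CURRENT_DEFAULTS = {"warm": {"min_age": "30d"}, "cold": {"min_age": "30d"}}
# Same sample with the cold value suggested in the issue.
PROPOSED = {**CURRENT_DEFAULTS, "cold": {"min_age": "60d"}}

if __name__ == "__main__":
    for label, phases in (("current", CURRENT_DEFAULTS), ("proposed", PROPOSED)):
        print(label, find_phase_overlaps(phases))
```

Because ages are compared in seconds, a cold `min_age` of `720h` against a warm `min_age` of `30d` is flagged as well.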

@dougburks dougburks added this to the 2.4.70 milestone Apr 30, 2024
@weslambert

#12900
