Hello everyone,
Thanks in advance to anyone who can help with my question.
Could someone explain the difference between the data streams that have the "Managed" tag and the ones that don't? How can I remove the tag?
Logstash output section (.conf):
# Send events whose [type] field is "deepsecurity" to Elasticsearch as a data stream.
if [type] == "deepsecurity" {
  elasticsearch {
    id => "10402_output_deepsecurity"

    # Connection: HTTPS, with the CA file below used to validate the server certificate.
    hosts => ["https://myhost:9200"]
    ssl_enabled => true
    ssl_certificate_authorities => "/etc/logstash/certs/certificado-ca.crt"

    # Credentials are written in plain text here, so this file's read permissions
    # matter. Logstash also accepts ${VAR} references resolved from its keystore
    # or the environment, which keeps the secret out of the pipeline file.
    user => "myuser"
    password => "mypassword"

    # The target data stream is named <type>-<dataset>-<namespace>, i.e.
    # "logs-deep-produccion" with these values.
    # NOTE(review): an index template whose pattern is "deep-*" does not match
    # that name — confirm which template the stream is actually created from.
    data_stream => true
    data_stream_type => "logs"
    data_stream_dataset => "deep"
    data_stream_namespace => "produccion"
  }
}
}
Policy
PUT /_ilm/policy/deep-index-policy
{
"policy": {
"phases": {
"hot": {
"min_age": "0ms",
"actions": {
"rollover": {
"max_size": "30MB"
}
}
},
"delete": {
"min_age": "90d",
"actions": {
"delete": {}
}
}
}
}
}
Index Template
PUT _index_template/deep-index-template
{
"template": {
"settings": {
"index": {
"lifecycle": {
"name": "deep-index-policy",
"rollover_alias": "deep"
}
}
}
},
"index_patterns": [
"deep-*"
],
"data_stream": {},
"priority": 200
}