Hello
I have installed the “Fortinet FortiGate Firewall Logs” integration.
I did the respective configuration.
The datastream was created and I am receiving logs normally.
My problem is that it took a policy called “logs”, and I need to apply an index lifecycle of 1 day. For obvious reasons I cannot modify the “logs” policy because it would affect the other datastreams; I need to apply a policy only for Fortinet.
If the ILM policy is associated with the index template, then I go to the Fortinet index template, but I have no idea what to modify to apply the ILM policy I created manually, called “Fortinet-policy”, which removes the index in 1 day.
I also see that there are some “component templates”, and not knowing what they do or what they are for, I am worried about changing something that causes problems for the ingest, which at the moment works fine.
Thank you for your help.