.signals_log indices history

Search Guard
1

Signals_log index uses _index_template signals_log_template , can we configure it ? I would like to add lifecycle policy to it, which I can, but every deployment will change it back to default. I could make a secondary request after each sgctl deployment but maybe there is another way ?

Thanks.

{
  "index_templates": [
    {
      "name": "signals_log_template",
      "index_template": {
        "index_patterns": [
          ".signals_log_*"
        ],
        "template": {
          "settings": {
            "index": {
              "hidden": "true"
            }
          }
        },
        "composed_of": []
      }
    }
  ]
}
2

Hi @peter82,

What version of Search Guard are you using?
Could you please elaborate on “sgctl deployment” (the upload of SG configuration)?

Thanks,
Mantas

3

1.2.0 SG FLX, yes by sgctl deployment I meant deploy all SG configuration with sgctl tool to cluster where /sgconfig/ is path to all configs.

elasticsearch/kibana version 8.6.2

for instance:

./sgctl.sh update-config ./sgconfig/

.

4

actually you can solve this with another template with higher priority.

5

@peter82 thanks for sharing the Solution, I’ve been looking into this in my lab; if there are any alternative solutions (including the original template), I’ll let you know.

Thanks,
Mantas