allow setting spiDataMaxIndices for Arkime's config.ini

idaholab / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

https://idaholab.github.io/Malcolm/

Other

327 stars 53 forks source link

allow setting spiDataMaxIndices for Arkime's config.ini #471

Closed mmguero closed 1 month ago

mmguero commented 1 month ago

Allow setting spiDataMaxIndices for Arkime's config.ini via an environment variable in arkime.env.

mmguero commented 1 month ago

ARKIME_SPI_DATA_MAX_INDICES - the maximum number of indices for querying SPI data, or set to -1 to disable any max. The Arkime documentation warns "OpenSearch/Elasticsearch MAY blow up if we ... search too many indices." (default 7)