jasonish / evebox

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
MIT License

[elasticsearch] Date based retention policy #258

Open jasonish opened 1 year ago

jasonish commented 1 year ago

For Logstash style indexes, EveBox should be able to delete indexes older than a certain date, much like the old curator tool.

This does not apply to datastreams, which should be configured in Elasticsearch itself.
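
The selection step a date-based retention policy like this needs, as an added example that is not part of the issue or of EveBox's code: it picks Logstash-style daily indexes that fall outside a retention window and skips data stream backing indexes, other prefixes and names with invalid dates. The `logstash` prefix, the function names and the sample index names are assumptions constructed for illustration; the delete call to Elasticsearch is left out.

```python
import re
from datetime import date, datetime, timedelta

# Logstash-style daily index name: <prefix>-YYYY.MM.DD
_DAILY = re.compile(r"^(?P<prefix>.+)-(?P<day>\d{4}\.\d{2}\.\d{2})$")


def index_day(name, prefix):
    """Return the date encoded in a Logstash-style index name, or None."""
    if name.startswith("."):
        # System indexes and data stream backing indexes (.ds-*) are never touched.
        return None
    m = _DAILY.match(name)
    if not m or m.group("prefix") != prefix:
        return None  # different prefix, e.g. "logstash-flow" when "logstash" was asked for
    try:
        return datetime.strptime(m.group("day"), "%Y.%m.%d").date()
    except ValueError:
        return None  # looks like a date but is not one, e.g. 2024.02.31


def expired_indexes(names, prefix, keep_days, today):
    """Names of indexes dated more than keep_days before today, oldest first."""
    if keep_days < 1:
        raise ValueError("keep_days must be at least 1")  # refuse a delete-everything policy
    cutoff = today - timedelta(days=keep_days)
    hits = []
    for name in names:
        day = index_day(name, prefix)
        if day is not None and day < cutoff:
            hits.append((day, name))
    return [name for _, name in sorted(hits)]


# Constructed sample of index names, as an index listing might return them.
SAMPLE = [
    "logstash-2024.03.10",
    "logstash-2024.03.03",
    "logstash-2024.03.02",
    "logstash-2024.02.29",
    "logstash-2024.02.31",
    "logstash-2023.12.31",
    "logstash-flow-2024.01.01",
    ".ds-logs-suricata-2024.01.01-000001",
    "other-2023.01.01",
]

if __name__ == "__main__":
    for name in expired_indexes(SAMPLE, "logstash", 7, date(2024, 3, 10)):
        print("would delete", name)
```
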