Removes list of default index patterns (#4558)
* Removes list of default index patterns

* Removes outdated note

* Adds back and updates note

* Update docs/getting-started/advanced-setting.asciidoc

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>

---------

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
natasha-moore-elastic and nastasha-solomon authored Jan 11, 2024
1 parent 8332e3f commit 3a0e3ef
Showing 1 changed file with 3 additions and 11 deletions.
14 changes: 3 additions & 11 deletions docs/getting-started/advanced-setting.asciidoc
Expand Up @@ -42,16 +42,8 @@ image::images/solution-advanced-settings.png[]
== Update default Elastic Security indices

The `securitySolution:defaultIndex` field defines which {es} indices the
{security-app} uses to collect data. By default, these index patterns are used to
match {es} indices:

* `apm-*-transaction*`
* `auditbeat-*`
* `endgame-*`
* `filebeat-*`
* `logs-*`
* `packetbeat-*`
* `winlogbeat-*`
{security-app} uses to collect data. By default, index patterns are used to
match sets of {es} indices.

NOTE: Index patterns use wildcards to specify a set of indices. For example, the
`filebeat-*` index pattern means all indices starting with `filebeat-` are
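
Review bot: The replacement sentence "By default, index patterns are used to match sets of {es} indices." drops the seven default patterns without telling the reader where to find the current ones, and it largely repeats the NOTE that follows ("Index patterns use wildcards to specify a set of indices"). Because `securitySolution:defaultIndex` defines which indices the {security-app} collects data from, an operator needs a way to confirm which data sources are in scope. Suggest rewording the sentence to point at the setting itself, for example by saying that the default patterns are the ones listed in the `securitySolution:defaultIndex` field, which keeps the page accurate without a hard-coded list.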
Expand All @@ -64,7 +56,7 @@ data shipped via {beats} and the {agent} is automatically added to the

You can add or remove any indices and index patterns as required. For background information on {es} indices, refer to {ref}/documents-indices.html[Data in: documents and indices].

NOTE: If you leave the `logs-*` index selected, by default, all Elastic cloud logs are excluded from all queries in the {security-app}. This is to avoid adding data from cloud monitoring to the app.
NOTE: If you leave the `-*elastic-cloud-logs-*` index pattern selected, all Elastic cloud logs are excluded from all queries in the {security-app} by default. This is to avoid adding data from cloud monitoring to the app.

IMPORTANT: {elastic-sec} requires {ecs-ref}[ECS-compliant data]. If you use third-party data
collectors to ship data to {es}, the data must be mapped to ECS.
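
Review bot: The rewritten NOTE introduces `-*elastic-cloud-logs-*` without explaining the leading `-`, and with the default list removed earlier in this file nothing else on the page tells the reader that this pattern exists or that it acts as an exclusion. The previous wording tied the behaviour to `logs-*`, so the relationship between the two patterns is now lost. Suggest stating that the `-` prefix excludes matching indices, and adding one sentence on what happens to queries in the {security-app} if the pattern is removed from `securitySolution:defaultIndex`.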