From 3a0e3efedc4f9ec763d7ff379ad457c250cabcfe Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Thu, 11 Jan 2024 14:05:19 +0000 Subject: [PATCH] Removes list of default index patterns (#4558) * Removes list of default index patterns * Removes outdated note * Adds back and updates note * Update docs/getting-started/advanced-setting.asciidoc Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --------- Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/getting-started/advanced-setting.asciidoc | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/docs/getting-started/advanced-setting.asciidoc b/docs/getting-started/advanced-setting.asciidoc index 2c5b23f41d..38fe3dd10d 100644 --- a/docs/getting-started/advanced-setting.asciidoc +++ b/docs/getting-started/advanced-setting.asciidoc @@ -42,16 +42,8 @@ image::images/solution-advanced-settings.png[] == Update default Elastic Security indices The `securitySolution:defaultIndex` field defines which {es} indices the -{security-app} uses to collect data. By default, these index patterns are used to -match {es} indices: - -* `apm-*-transaction*` -* `auditbeat-*` -* `endgame-*` -* `filebeat-*` -* `logs-*` -* `packetbeat-*` -* `winlogbeat-*` +{security-app} uses to collect data. By default, index patterns are used to +match sets of {es} indices. NOTE: Index patterns use wildcards to specify a set of indices. For example, the `filebeat-*` index pattern means all indices starting with `filebeat-` are 
@@ -64,7 +56,7 @@ data shipped via {beats} and the {agent} is automatically added to the You can add or remove any indices and index patterns as required. For background information on {es} indices, refer to {ref}/documents-indices.html[Data in: documents and indices]. -NOTE: If you leave the `logs-*` index selected, by default, all Elastic cloud logs are excluded from all queries in the {security-app}. This is to avoid adding data from cloud monitoring to the app. +NOTE: If you leave the `-*elastic-cloud-logs-*` index pattern selected, all Elastic cloud logs are excluded from all queries in the {security-app} by default. This is to avoid adding data from cloud monitoring to the app. IMPORTANT: {elastic-sec} requires {ecs-ref}[ECS-compliant data]. If you use third-party data collectors to ship data to {es}, the data must be mapped to ECS.
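Review bot: In the first hunk (-42,16 +42,8), the replacement sentence "By default, index patterns are used to match sets of {es} indices." no longer tells the reader what the defaults are, and it overlaps with the NOTE directly below it, which already explains that index patterns use wildcards to specify a set of indices. Because this setting controls which indices the {security-app} reads from, consider stating where the current default value can be seen (for example, in the `securitySolution:defaultIndex` field itself) instead of restating what an index pattern is, so readers can still check which data sources are covered.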
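Review bot: In the second hunk (-64,7 +56,7), the updated NOTE introduces `-*elastic-cloud-logs-*` without explaining that the leading `-` makes it an exclusion pattern, and with the defaults list removed by the first hunk this pattern is not shown anywhere else in the section. The only syntax explanation nearby covers the `*` wildcard, so "If you leave the `-*elastic-cloud-logs-*` index pattern selected" may read as if the pattern selects cloud logs rather than filtering them out. Consider adding a short clause that the `-` prefix excludes matching indices, and say explicitly that removing the pattern brings cloud monitoring data into {security-app} queries. The trailing "by default" could also be dropped, since the sentence is already conditional on leaving the pattern in place.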