Wazuh to create policies to manage indexes

32 views
Skip to first unread message

Rahul Cmv

unread,
Mar 29, 2023, 4:00:22 AM3/29/23
to Wazuh mailing list
In wazuh is there a way to create policies to manage indexes and raise alerts when its reaching 85% or 90% retention period?

Mateo James

unread,
Mar 29, 2023, 11:29:35 AM3/29/23
to Wazuh mailing list
Hi Rahul, thanks for using Wazuh!

Could you provide me the version of Wazuh and the version of the Indexer you are using?

Kind regards,
Mateo

Mateo James

unread,
Mar 29, 2023, 1:42:00 PM3/29/23
to Wazuh mailing list
Hi Rahul, meanwhile I will try to answer your question. 

You can do it manually using the API following the opensearch documentation in https://opensearch.org/docs/latest/im-plugin/ism/index/. Index State Management (ISM) is a plugin that lets you automate periodic, administrative operations by triggering them based on changes in the index age, index size. This will allow you to, for example, set a policy that sends you a notification message when the index size reaches certain level.

Hope this helps!
Mateo
Reply all
Reply to author
Forward
0 new messages