From 264db4da0a33c72b9e0136fe0bb8dc275f346c64 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Thu, 4 Jan 2024 12:15:55 +0000 Subject: [PATCH 1/4] Removes list of default index patterns --- docs/getting-started/advanced-setting.asciidoc | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/docs/getting-started/advanced-setting.asciidoc b/docs/getting-started/advanced-setting.asciidoc index 2c5b23f41d..e744bffa09 100644 --- a/docs/getting-started/advanced-setting.asciidoc +++ b/docs/getting-started/advanced-setting.asciidoc @@ -42,16 +42,8 @@ image::images/solution-advanced-settings.png[] == Update default Elastic Security indices The `securitySolution:defaultIndex` field defines which {es} indices the -{security-app} uses to collect data. By default, these index patterns are used to -match {es} indices: - -* `apm-*-transaction*` -* `auditbeat-*` -* `endgame-*` -* `filebeat-*` -* `logs-*` -* `packetbeat-*` -* `winlogbeat-*` +{security-app} uses to collect data. By default, index patterns are used to +match sets of {es} indices. NOTE: Index patterns use wildcards to specify a set of indices. For example, the `filebeat-*` index pattern means all indices starting with `filebeat-` are 
@@ -64,7 +56,7 @@ data shipped via {beats} and the {agent} is automatically added to the You can add or remove any indices and index patterns as required. For background information on {es} indices, refer to {ref}/documents-indices.html[Data in: documents and indices]. -NOTE: If you leave the `logs-*` index selected, by default, all Elastic cloud logs are excluded from all queries in the {security-app}. This is to avoid adding data from cloud monitoring to the app. +NOTE: If you leave the `logs-*` index pattern selected, by default, all Elastic cloud logs are excluded from all queries in the {security-app}. This is to avoid adding data from cloud monitoring to the app. IMPORTANT: {elastic-sec} requires {ecs-ref}[ECS-compliant data]. If you use third-party data collectors to ship data to {es}, the data must be mapped to ECS. From fa5c81a5f4b21efd92d15e33a4972be653004bb1 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Mon, 8 Jan 2024 11:33:01 +0000 Subject: [PATCH 2/4] Removes outdated note --- docs/getting-started/advanced-setting.asciidoc | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/getting-started/advanced-setting.asciidoc b/docs/getting-started/advanced-setting.asciidoc index e744bffa09..f7f6a3d626 100644 --- a/docs/getting-started/advanced-setting.asciidoc +++ b/docs/getting-started/advanced-setting.asciidoc 
@@ -56,8 +56,6 @@ data shipped via {beats} and the {agent} is automatically added to the You can add or remove any indices and index patterns as required. For background information on {es} indices, refer to {ref}/documents-indices.html[Data in: documents and indices]. -NOTE: If you leave the `logs-*` index pattern selected, by default, all Elastic cloud logs are excluded from all queries in the {security-app}. This is to avoid adding data from cloud monitoring to the app. - IMPORTANT: {elastic-sec} requires {ecs-ref}[ECS-compliant data]. If you use third-party data collectors to ship data to {es}, the data must be mapped to ECS. <> lists ECS fields used in {elastic-sec}. From f000e0d3f156d479070a12dd8945d53235e9a0e2 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Mon, 8 Jan 2024 15:23:24 +0000 Subject: [PATCH 3/4] Adds back and updates note --- docs/getting-started/advanced-setting.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/getting-started/advanced-setting.asciidoc b/docs/getting-started/advanced-setting.asciidoc index f7f6a3d626..595c4aac00 100644 --- a/docs/getting-started/advanced-setting.asciidoc +++ b/docs/getting-started/advanced-setting.asciidoc @@ -56,6 +56,8 @@ data shipped via {beats} and the {agent} is automatically added to the You can add or remove any indices and index patterns as required. For background information on {es} indices, refer to {ref}/documents-indices.html[Data in: documents and indices]. +NOTE: If you leave the `-*elastic-cloud-logs-*` index pattern selected, by default, all Elastic cloud logs are excluded from all queries in the {security-app}. This is to avoid adding data from cloud monitoring to the app. + IMPORTANT: {elastic-sec} requires {ecs-ref}[ECS-compliant data]. If you use third-party data collectors to ship data to {es}, the data must be mapped to ECS. <> lists ECS fields used in {elastic-sec}. From dde739a1d42d3cb202aa93ee8761152998b5bd29 Mon Sep 17 00:00:00 2001 
From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Wed, 10 Jan 2024 17:37:34 +0000 Subject: [PATCH 4/4] Update docs/getting-started/advanced-setting.asciidoc Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/getting-started/advanced-setting.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/getting-started/advanced-setting.asciidoc b/docs/getting-started/advanced-setting.asciidoc index 595c4aac00..38fe3dd10d 100644 --- a/docs/getting-started/advanced-setting.asciidoc +++ b/docs/getting-started/advanced-setting.asciidoc @@ -56,7 +56,7 @@ data shipped via {beats} and the {agent} is automatically added to the You can add or remove any indices and index patterns as required. For background information on {es} indices, refer to {ref}/documents-indices.html[Data in: documents and indices]. -NOTE: If you leave the `-*elastic-cloud-logs-*` index pattern selected, by default, all Elastic cloud logs are excluded from all queries in the {security-app}. This is to avoid adding data from cloud monitoring to the app. +NOTE: If you leave the `-*elastic-cloud-logs-*` index pattern selected, all Elastic cloud logs are excluded from all queries in the {security-app} by default. This is to avoid adding data from cloud monitoring to the app. IMPORTANT: {elastic-sec} requires {ecs-ref}[ECS-compliant data]. If you use third-party data collectors to ship data to {es}, the data must be mapped to ECS.
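Review bot: the first hunk of PATCH 1/4 (the `== Update default Elastic Security indices` section) replaces the concrete list of default index patterns with "By default, index patterns are used to match sets of {es} indices", which says nothing the NOTE immediately below it does not already say and leaves the reader with no way to audit what the {security-app} queries out of the box. Since the default index set decides which data is in scope for every query in the app, either keep the list, or replace it with one sentence pointing at where the current value is visible, for example: "The current default patterns are shown in the `securitySolution:defaultIndex` field." Dropping the list without a pointer is a regression for anyone validating coverage after an upgrade.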
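Review bot: the second hunk of PATCH 1/4 only changes "index" to "index pattern" in the NOTE about `logs-*`, but the sentence it polishes is not correct as written: by the page's own definition a wildcard pattern such as `logs-*` matches every index starting with `logs-`, so leaving it selected cannot by itself exclude Elastic cloud logs. PATCH 2/4 and 3/4 then delete and rewrite the same NOTE, so this hunk is churn; squash it into 3/4 so the history does not record a wording fix to text the series already knows is outdated.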
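Review bot: the hunk in PATCH 3/4 reintroduces the NOTE with `-*elastic-cloud-logs-*`, but the only explanation of pattern syntax on the page is the earlier NOTE about positive wildcards (`filebeat-*` means all indices starting with `filebeat-`), so a reader has no way to know that the leading `-` makes this an exclusion rather than a pattern that "selects" cloud logs. Extend that earlier NOTE with one sentence along the lines of "A pattern that starts with `-` excludes the indices it matches", and state the consequence of removing this entry, since that is the operationally relevant case: "If you remove this pattern, Elastic cloud logs are included in all queries in the {security-app}."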
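Review bot: the hunk in PATCH 4/4 moves "by default" to the end of the sentence, but it is still ambiguous whether "by default" means the `-*elastic-cloud-logs-*` pattern is present in the default index list or that excluding cloud logs is the default behaviour. Suggest restructuring so each fact is stated once: "The `-*elastic-cloud-logs-*` pattern is included in the default index list. While it is selected, all Elastic cloud logs are excluded from all queries in the {security-app}. This avoids adding data from cloud monitoring to the app."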