Hey there,
I configured SAP to have daily findings indices. For our monitoring, I’d like to have the daily findings (and all other related sap indices) to be rotated / created at midnight. Currently the index is created at an arbitrary time - when the age of the oldest findings exceeds the finding_history_max_age of course, which can be in the middle of the day.
How would I make the sap-indices be created at midnight?
#opensearch.yml:
[...]
plugins:
  security:
    alert_history_max_age: "1d"
    alert_history_retention_period: "90d"
    finding_history_max_age: "1d"
    finding_history_retention_period: "90d"
    correlation_history_max_age: "1d"
    correlation_history_retention_period: "90d"