support to change .alerts-ilm-policy

**Describe the feature:**
<details><summary>Currently in 8.11.1, `.alerts-ilm-policy` policy is installed by kibana</summary>

```
# GET _ilm/policy/.alerts-ilm-policy 200 OK
{
  ".alerts-ilm-policy": {
    "version": 1,
    "modified_date": "2023-12-01T10:55:10.913Z",
    "policy": {
      "phases": {
        "hot": {
          "min_age": "0ms",
          "actions": {
            "rollover": {
              "max_age": "30d",
              "max_primary_shard_size": "50gb"
            }
          }
        }
      },
      "_meta": {
        "managed": true
      }
    },
    "in_use_by": {
      "indices": [
        ".internal.alerts-observability.metrics.alerts-default-000001",
        ".internal.alerts-observability.logs.alerts-default-000001",
        ".internal.alerts-observability.uptime.alerts-default-000001",
        ".internal.alerts-observability.threshold.alerts-default-000001",
        ".internal.alerts-ml.anomaly-detection.alerts-default-000001",
        ".internal.alerts-observability.slo.alerts-default-000001",
        ".internal.alerts-security.alerts-default-000001",
        ".internal.alerts-observability.apm.alerts-default-000001",
        ".internal.alerts-stack.alerts-default-000001"
      ],
      "data_streams": [],
      "composable_templates": [
        ".alerts-observability.threshold.alerts-default-index-template",
        ".alerts-observability.slo.alerts-default-index-template",
        ".alerts-ml.anomaly-detection.alerts-default-index-template",
        ".alerts-observability.uptime.alerts-default-index-template",
        ".alerts-observability.logs.alerts-default-index-template",
        ".alerts-stack.alerts-default-index-template",
        ".alerts-observability.apm.alerts-default-index-template",
        ".alerts-security.alerts-default-index-template",
        ".alerts-observability.metrics.alerts-default-index-template"
      ]
    }
  }
}
```

</details>

This rolls over the indices after 30 days or 50gb but does not move indices to warm/cold/frozen/delete steps - eventually causing hot nodes to run out of disk space

Generally built-in ILM policies provided by elasticsearch can be customer per [doc](https://www.elastic.co/guide/en/elasticsearch/reference/8.11/example-using-index-lifecycle-policy.html)

However kibana currently (tested in `8.11.1`) overrides `.alerts-ilm-policy` policy on restart hence there is no support to customise this ILM policy, hence the indices need to be managed by external tool to move to warm or delete old rolled over indices ([curator](https://www.elastic.co/guide/en/elasticsearch/client/curator/8.0/index.html) for example)

**Describe a specific use case for the feature:**
Support for customising `.alerts-ilm-policy` policy to allow to move managed indices to wam/cold/frozen/delete steps


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

support to change .alerts-ilm-policy #172357

jguay
openedon Dec 1, 2023

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

support to change .alerts-ilm-policy #172357

Description

jguayopenedon Dec 1, 2023

Metadata