Rollover and alias for stream indices

[AlexRuiz7]

Description

One of the main requirements of the Data Persistence Model Redesign project is to include aliases and rollover policies to stream indices by default, as Index Management related features.

For Wazuh 5, we have identified 2 stream indices:

• wazuh-alerts data stream.
• wazuh-commands data stream.

The setup plugin (see wazuh/wazuh-indexer-plugins#9) generates indices for both data streams at startup, wazuh-alerts-5.x-0001 and .commands respectively.

On this issue, we are going to create aliases and rollover policies for both data streams, defining the rollover criteria.

We have not yet found a simple way of interacting with the OpenSearch's Indexer Management plugin, which is responsible for these things. As part of this issue, we will investigate how to implement these features within our setup plugin.

Functional requirements

• The wazuh-alerts data stream is associated to an alias.
• The wazuh-alerts data stream is managed by an active rollover policy.
• The wazuh-commands data stream is associated to an alias.
• The wazuh-commands data stream is managed by an active rollover policy.
• Aliases and rollover policies are generated automatically.

Implementation restrictions

• The initialization of the index aliases and the rollover policies are the responsibility of the setup plugin.

Plan

• Spike. Investigate how the IM plugin persists such data.
• Spike. Reproduce the IM creation of policies.
• Define aliases names.
• Define rollover policies.
• Apply changes.