diff --git a/elk_metrics_7x/roles/elastic_auditbeat/defaults/main.yml b/elk_metrics_7x/roles/elastic_auditbeat/defaults/main.yml
index 25ab8922..b7264e51 100644
--- a/elk_metrics_7x/roles/elastic_auditbeat/defaults/main.yml
+++ b/elk_metrics_7x/roles/elastic_auditbeat/defaults/main.yml
@@ -14,3 +14,14 @@
 # limitations under the License.
 auditbeat_service_state: restarted
+
+auditbeat_ilm_policy_name: "auditbeat-{{ beat_version }}"
+auditbeat_ilm_policy_template: "auditbeat-{{ beat_version }}"
+auditbeat_ilm_policy_filename: "auditbeat-ilm-policy.json"
+auditbeat_ilm_policy_file_location: "/etc/auditbeat"
+
+ilm_policy_name: "{{ auditbeat_ilm_policy_name | default('') }}"
+ilm_policy: "{{ (auditbeat_ilm_policy | default(default_ilm_policy)) | default({}) }}"
+ilm_policy_template: "{{ auditbeat_ilm_policy_template | default('') }}"
+ilm_policy_filename: "{{ (auditbeat_ilm_policy_filename | default(default_ilm_policy_filename)) | default('') }}"
+ilm_policy_file_location: "{{ (auditbeat_ilm_policy_file_location | default(default_ilm_policy_file_location)) | default('') }}"
diff --git a/elk_metrics_7x/roles/elastic_auditbeat/tasks/main.yml b/elk_metrics_7x/roles/elastic_auditbeat/tasks/main.yml
index 2e6cf744..1a25f2d8 100644
--- a/elk_metrics_7x/roles/elastic_auditbeat/tasks/main.yml
+++ b/elk_metrics_7x/roles/elastic_auditbeat/tasks/main.yml
@@ -82,6 +82,10 @@
 notify:
 - Enable and restart auditbeat
+- include_role:
+ name: elastic_ilm
+ when: ilm_policy.keys() | length > 0
+
 - name: Run the beat setup role
 include_role:
 name: elastic_beat_setup
diff --git a/elk_metrics_7x/roles/elastic_auditbeat/templates/auditbeat.yml.j2 b/elk_metrics_7x/roles/elastic_auditbeat/templates/auditbeat.yml.j2
index b8affa06..b0e6589a 100644
--- a/elk_metrics_7x/roles/elastic_auditbeat/templates/auditbeat.yml.j2
+++ b/elk_metrics_7x/roles/elastic_auditbeat/templates/auditbeat.yml.j2
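Review bot: The five `ilm_policy*` names added at the end of this hunk are generic, un-prefixed variables set in the role's defaults, and Ansible variables share one namespace, so if another role in the same play defines the same names the values that reach the ILM role may not be auditbeat's (inferred; only this role is visible here). Passing them on the include itself with a `vars:` mapping that sets `ilm_policy`, `ilm_policy_name` and the file settings from the `auditbeat_*` values would keep the scope explicit. A comment above the block such as `# ILM policy for auditbeat indices; set auditbeat_ilm_policy to override default_ilm_policy` would also help, since `default_ilm_policy` is not defined in this file and the policy presumably decides how long audit events are retained.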
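Review bot: The added `include_role` task has no `name:`, unlike the `Run the beat setup role` task right after it, so it appears in run output only as a bare include; adding `name: Run the ILM policy role` to the task would match its neighbour. The condition `ilm_policy.keys() | length > 0` raises an attribute error if an operator overrides the policy with something that is not a mapping, whereas `when: ilm_policy | length > 0` tests the same thing for a dict without a method call. The task list begins and continues outside the hunk.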
@@ -813,6 +813,30 @@ processors:
 #=============================== Template ======================================
 {{ elk_macros.setup_template('auditbeat', inventory_hostname, data_nodes, elasticsearch_beat_settings) }}
+#============================== Setup ILM =====================================
+
+# Configure Index Lifecycle Management Index Lifecycle Management creates a
+# write alias and adds additional settings to the template.
+# The elasticsearch.output.index setting will be replaced with the write alias
+# if ILM is enabled.
+
+# Enabled ILM support. Valid values are true, false, and auto. The beat will
+# detect availabilty of Index Lifecycle Management in Elasticsearch and enable
+# or disable ILM support.
+#setup.ilm.enabled: auto
+
+# Configure the ILM write alias name.
+#setup.ilm.rollover_alias: "filebeat"
+
+# Configure rollover index pattern.
+#setup.ilm.pattern: "{now/d}-000001"
+{% if ilm_policy_name is defined %}
+setup.ilm.policy_name: "{{ ilm_policy_name }}"
+{% endif %}
+{% if ilm_policy_file_location is defined %}
+setup.ilm.policy_file: "{{ ilm_policy_file_location }}/{{ ilm_policy_filename }}"
+{% endif %}
+
 #============================== Kibana =====================================
 {% if (groups['kibana'] | length) > 0 %}
 {{ elk_macros.setup_kibana(hostvars[groups['kibana'][0]]['ansible_host'] ~ ':' ~ kibana_port) }}
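Review bot: Both `is defined` guards are always true, because the defaults file in this same commit sets `ilm_policy_name` and `ilm_policy_file_location` (falling back to `''`), so `setup.ilm.policy_name` and `setup.ilm.policy_file` are rendered even when `ilm_policy` is empty and the `elastic_ilm` role is skipped. In that case the config presumably points at a policy file that nothing has written, which risks the beat's setup failing and audit events not being shipped. Gating both settings on the task's own condition, `{% if ilm_policy.keys() | length > 0 %}`, keeps the template and the role in step. The commented example `#setup.ilm.rollover_alias: "filebeat"` looks copied from the filebeat template and would read better as `"auditbeat"` here.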