elasticsearch

Tools

Clearing old logs

Install elasticsearch-curator

  • Add the repository keys
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
  • Set up the repository
echo 'deb https://packages.elastic.co/curator/5/debian stable main' | sudo tee -a /etc/apt/sources.list.d/elastic.list
  • Update the apt package index and install elasticsearch-curator
sudo apt-get update && sudo apt-get install elasticsearch-curator

Setting up curator

root@logs01:~/curator# cat curator.yml
client:
  hosts:
    - 127.0.0.1
  port: 9200
  url_prefix:
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  ssl_no_validate: False
  http_auth:
  timeout: 30
  master_only: False

root@logs01:~/curator# cat actions.yml
actions:
  1:
    action: delete_indices
    description: >-
      Delete indices older than 60 days (based on index name), for logstash-
      prefixed indices. Ignore the error if the filter does not result in an
      actionable list of indices (ignore_empty_list) and exit cleanly.
    options:
      ignore_empty_list: True
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: logstash-
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 60
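
To see which indices the two filters in actions.yml select before the cron job deletes anything, the following added example (not from the original page and not Curator's own code) models the prefix filter and the name-based age filter in Python. The index names and the run time are constructed sample data, and skipping names without a valid date is this example's assumption.

```python
import re
from datetime import datetime, timedelta, timezone

PREFIX = "logstash-"          # filtertype: pattern, kind: prefix
TIMESTRING = "%Y.%m.%d"       # filtertype: age, source: name
UNIT_COUNT_DAYS = 60          # unit: days, unit_count: 60
DATE_RE = re.compile(r"\d{4}\.\d{2}\.\d{2}")  # regex form of TIMESTRING


def select_for_deletion(index_names, now):
    """Return the index names both filters would hand to delete_indices."""
    cutoff = now - timedelta(days=UNIT_COUNT_DAYS)
    selected = []
    for name in index_names:
        if not name.startswith(PREFIX):
            continue  # pattern filter: other prefixes are never touched
        match = DATE_RE.search(name)
        if match is None:
            continue  # no date in the name, so no age can be derived
        try:
            stamp = datetime.strptime(match.group(0), TIMESTRING)
        except ValueError:
            continue  # digits that do not form a real date, e.g. month 13
        # The date in the name is taken as midnight UTC of that day.
        if stamp.replace(tzinfo=timezone.utc) < cutoff:
            selected.append(name)
    return selected


# Constructed sample data; "now" matches a 23:59 run of the cron job.
SAMPLE_NOW = datetime(2024, 3, 31, 23, 59, tzinfo=timezone.utc)
SAMPLE_INDICES = [
    "logstash-2024.01.15",   # well past 60 days: selected
    "logstash-2024.01.31",   # dated 60 days before the run: selected at 23:59
    "logstash-2024.02.01",   # 59 days old: kept
    "logstash-2024.03.31",   # the current day's index: kept
    "logstash-current",      # no date in the name: kept
    "filebeat-2023.01.01",   # old, but wrong prefix: kept
    ".kibana",               # unrelated index: kept
]

if __name__ == "__main__":
    for name in select_for_deletion(SAMPLE_INDICES, SAMPLE_NOW):
        print("would delete:", name)
```

On the host itself, running curator with its --dry-run flag logs what the action file would do without deleting anything.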

Setting up cronjob

vim /etc/cron.d/curator

# Delete Elasticsearch indices older than 60 days
PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
59 23 * * * root curator --config /root/curator/curator.yml /root/curator/actions.yml

Utilities

  • awesome-elasticsearch - A curated list of the most important and useful resources about elasticsearch: articles, videos, blogs, tips and tricks, use cases. All about Elasticsearch!
