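Using Elasticsearch Curator to periodically delete logs older than 7 days
Background
Curator is a tool officially released by Elastic for managing Elasticsearch indices. It can handle many index lifecycle management tasks.
I am using Elasticsearch 8.0 or later, so I installed the latest version of Curator directly. The server runs CentOS 7.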
Binary installation
Download

    wget https://packages.elastic.co/curator/5/centos/7/Packages/elasticsearch-curator-5.8.4-1.x86_64.rpm

Install Curator

    rpm -ivh elasticsearch-curator-5.8.4-1.x86_64.rpm
    curator --version
Enter the installation directory and create the files

    cd /opt/elasticsearch-curator
    mkdir log
    cd log
    touch run.log
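Create config.yml
The file goes in the log directory.
A sample config.yml follows. For an explanation of the settings, see the official documentation: config.yml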

    # Remember, leave a key empty if there is no value. None will be a string,
    # not a Python "NoneType"
    client:
      hosts:
        - 192.168.10.17 # Elasticsearch IP address
      port: 9200
      url_prefix:
      use_ssl: False
      certificate:
      client_cert:
      client_key:
      ssl_no_validate: False
      http_auth: elastic:password # password for the elastic user; leave out if there is none
      timeout: 30
      master_only: False

    logging:
      loglevel: INFO
      logfile: /opt/elasticsearch-curator/log/run.log
      logformat: default
      blacklist: ['elasticsearch', 'urllib3']

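Create elk-7-action.yml
This action automatically deletes all logs older than 7 days.
A sample elk-7-action.yml follows. For an explanation of the settings, see the official documentation: action.yml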

    # Remember, leave a key empty if there is no value. None will be a string,
    # not a Python "NoneType"
    #
    # Also remember that all examples have 'disable_action' set to True. If you
    # want to use this action as a template, be sure to set this to False after
    # copying it.
    actions:
      1:
        action: delete_indices
        description: >-
          Delete indices older than 7 days (based on index creation_date)
        options:
          timeout_override:
          continue_if_exception: False
          disable_action: False
        filters:
        - filtertype: age
          source: creation_date
          direction: older
          unit: days
          unit_count: 7

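The action file above filters on age alone, so every index older than 7 days is selected, not only log indices. The variant below is an added example, not part of the original post: it puts a pattern filter in front of the age filter so deletion is limited to one index prefix. The prefix logstash- is an assumed value; replace it with your own log index prefix.

```yaml
# Added example: elk-7-action.yml scoped to log indices only.
# The prefix "logstash-" is an assumption; substitute your own log index prefix.
actions:
  1:
    action: delete_indices
    description: >-
      Delete indices with the assumed prefix logstash- that are older than
      7 days (based on index creation_date). All other indices are left alone.
    options:
      # Do not treat "no matching indices" as an error on quiet days.
      ignore_empty_list: True
      timeout_override:
      continue_if_exception: False
      disable_action: False
    filters:
    # Filters are chained (ANDed) in order: narrow by name first, then by age.
    - filtertype: pattern
      kind: prefix
      value: logstash-
    - filtertype: age
      source: creation_date
      direction: older
      unit: days
      unit_count: 7
```

Running curator with its --dry-run flag first writes the indices that would be deleted to the log file without deleting anything.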
Run

    curator --config /opt/elasticsearch-curator/log/config.yml /opt/elasticsearch-curator/log/elk-7-action.yml

Scheduled execution

    crontab -e
    0 0 * * * curator --config /opt/elasticsearch-curator/log/config.yml /opt/elasticsearch-curator/log/elk-7-action.yml

Save the scheduled task with wq.
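Summary
Curator suits indices that are created on a time basis, from a template, or by similar schemes. It is not suited to scenarios where a single index stores a long span of historical data.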