Elasticsearch Curator Delete index Quick Guide

Elasticsearch Curator Delete index Quick Guide

Curator is a useful tool for maintaining to Elastic search.

Here’s what we can do with this tool:

https://www.elastic.co/guide/en/elasticsearch/client/curator/current/about-features.html

One of the most used functions is the Action to create or delete an index.

Instead of looking at how to use it, here’s an easy way to do it.

Install

Here’s how to install it on Ubuntu and Centos.

Ubuntu

Signing Key:

wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Installation:

sudo apt-get update && sudo apt-get install elasticsearch-curator

CentOS 7

Signing key:

rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

Create Repository:

vi /etc/yum.repos.d/curator.repo

[curator-5] name=CentOS/RHEL 7 repository for Elasticsearch Curator 5.x packages baseurl=https://packages.elastic.co/curator/5/centos/7 gpgcheck=1 gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch enabled=1

Installation:

yum install elasticsearch-curator

TEST

There is a CLI command that you can easily execute before registering the task. curator_cli can be used by entering parameters directly into the CLI.

Below is a command to check the index starting with logstash which is 30 days old.

curator_cli --host 127.0.0.1 show_indices --filter_list '{"filtertype":"age","source":"logstash","timestring":"%Y.%m.%d","unit":"days","unit_count":30,"direction":"older"}'

If it runs normally without any errors, you can check the index list for more than 30 days.

If you change show_indices to delete_indices here, the actual deletion proceeds.

If you use the action and configuration file (yml) rather than the CLI method, you can make the file as follows.

vi action_delete_indices.yml
actions:
  1:
    action: delete_indices
    description: Delete indices with %Y.%m.%d date is older than 30 days
    options:
      ignore_empty_list: True
    filters:
      - filtertype: age
        source: logstash
        timestring: '%Y.%m.%d'
        unit: days
        unit_count: 30

Now create config.yml with access information.

vi config.yml
client:
  hosts:
    — localhost
  port: 9200
  url_prefix:
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  aws_key:
  aws_secret_key:
  aws_region:
  ssl_no_validate: False
  http_auth:
  timeout: 100
  master_only: False
logging:
  loglevel: INFO
  logfile:
  logformat: default
  blacklist: [‘elasticsearch’]

Just enter the values ​​for each field and save it.

Let’s try it out.

curator ./curator-action.yml --config ./curator-config.yml --dry-run

The –dry-run option is useful for testing as it verify that the task is running without action.

Apply

The actual application can be managed periodically using Crontab.

crontab -e
00 6 * * * root curator /path/action_delete_indices.yml --config /path/config.yml

This configuration will clean up the indices older than 30 days, running every day at 6 AM.

Facebook Comments

Leave A Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Detection ADBlockPlease, Disable or add to white list on our site.