I am installing my ELK and I need to rotate the logs on the server.
Now I have ELK 4.5, and to do this log rotation I've used Curator (3.4.1-1), which works very well, but that's manual, for example:
sudo curator delete indices --older-than 365 --time-unit days --timestring '%Y.%m.%d'
I simply wanted to use it as a crontab job:
45 16 * * * sudo curator delete indices --older-than 365 --time-unit days --timestring '%Y.%m.%d'
to keep my logs for a single year only.
The job didn't succeed. Note that I am very new to Linux systems, and I am a network guy, not a developer.
How do I make this job automatic? Why doesn't crontab execute my curator command?
What version? The Elastic Stack jumped from version 2.4 to 5.0.
I would bet that the issue is that you are running with sudo. You don't need sudo to run Curator. It only needs a client connection to Elasticsearch. It should never need to run as root.
Also, Elasticsearch Curator version 5.0 is out now, so 3.4 is more than a bit outdated.
In addition to Aaron's answer, consider the following hints:
You want to check whether curator gets executed (then check the curator log) or whether there is a problem executing curator at all (maybe you know this already).
A usual error is not specifying the full path of a binary when using cron (cron is using a different PATH environment than your login session).
Make sure curator really gets executed by checking the cron logs (on a RedHat based server in /var/log/cron) and setting the correct full binary path of curator, which you can find using whereis curator; again, on a RedHat based RPM installation it would be
If you don't make any progress, the actual output of the cron-log error or more specifically the curator log would be helpful.
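An added example, not part of the posts above: a small POSIX shell lint for one crontab line that flags the two problems raised in the answers (running Curator through sudo, and a bare command name that cron's PATH may not resolve). It also goes one step beyond the thread and flags unescaped `%` characters, which crontab(5) documents as being turned into newlines, with everything after the first one sent to the command as standard input. The function names and the default `CRON_PATH` value are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: lint one crontab line for sudo use,
# a command cron cannot find, and unescaped '%' characters.
# ASSUMPTION: /usr/bin:/bin is a typical cron PATH; check crontab(5) locally.
CRON_PATH="${CRON_PATH:-/usr/bin:/bin}"

# Succeed if command name $1 is an executable file in colon-separated path $2.
in_path() {
    _old_ifs=$IFS; IFS=:
    for _dir in $2; do
        if [ -f "$_dir/$1" ] && [ -x "$_dir/$1" ]; then
            IFS=$_old_ifs; return 0
        fi
    done
    IFS=$_old_ifs; return 1
}

# Print the findings for crontab line $1 ("sudo", "path", "percent"), or "ok".
lint_cron_line() {
    # Split into words; set -f keeps the '*' schedule fields from globbing.
    set -f; set -- $1; set +f
    [ "$#" -ge 6 ] || { echo "malformed"; return 1; }
    shift 5                                  # drop the five schedule fields
    findings=""
    # Handles the plain "sudo command ..." form used in the thread.
    if [ "$1" = "sudo" ] && [ "$#" -ge 2 ]; then
        findings="$findings sudo"; shift
    fi
    # cron does not use the login PATH, so a bare name may not resolve.
    case "$1" in
        /*) [ -x "$1" ] || findings="$findings path" ;;
        *)  in_path "$1" "$CRON_PATH" || findings="$findings path" ;;
    esac
    # cron cuts the command at the first unescaped '%', even inside quotes;
    # '\%' is the escaped form, so remove those before looking for '%'.
    rest=$(printf '%s' "$*" | sed 's/\\%//g')
    case "$rest" in *%*) findings="$findings percent" ;; esac
    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed input: the crontab line from the question.
lint_cron_line "45 16 * * * sudo curator delete indices --older-than 365 --time-unit days --timestring '%Y.%m.%d'"
```

A line that passes all three checks names the binary by its full path, drops sudo, and writes the timestring as `'\%Y.\%m.\%d'`.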
Thank you so much for your reply.
As I've already mentioned, I have very little experience with Linux and the EL, plus I am not a developer.
Regarding the version of curator, this is what I got from my used documents and installation from the store.
Unfortunately I am not at the office to get a screenshot of the ELK version, but it
Upgrading the whole stack is being considered, but we are still building and discovering things we need.
Regarding the solution you suggest for my issue, I will try again without
Thank you so much for your help.
Thank you so much for your help. I appreciate it.
About the version: I checked again, it was my mistake, it's ELK 4.4.2
That must just be Kibana. There's no such thing as 'ELK' 4.4.2.
Kibana 4.x works with Elasticsearch 2.x, and Logstash can work with almost any Elasticsearch.
We no longer refer to these as 'ELK', because there are more components, like Beats, and Monitoring, and the commercial plugins. The correct terminology is to name them individually, or collectively as the "Elastic Stack."