Curator 5.5.1 Problem

Hello, I have a question about the compatibility of curator 5.5.1 with elasticsearch 6.2.3. I created curator.yml and action.yml. When trying to run the curator with the command curator --config /home/rejnet/curator/curator.yml --dry-run /home/rejnet/curator/delete_index.yml
nothing happens.

curator,yml :

---
client:
  hosts:
    - 192.168.2.2
  port: 9200
  url_prefix:
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  ssl_no_validate: False
  http_auth:
  timeout: 30
  master_only: False

logging:
  loglevel: INFO
  logfile:
  logformat: default
  blacklist: []

delete_index.yml :

---
# Remember, leave a key empty if there is no value.  None will be a string,
# not a Python "NoneType"
#
# Also remember that all examples have 'disable_action' set to True.  If you
# want to use this action as a template, be sure to set this to False after
# copying it.
actions:
  1:
    action: delete_indices
    description: >-
      Delete indices older than 10 days (based on index name), for suricata-
      prefixed indices. Ignore the error if the filter does not result in an
      actionable list of indices (ignore_empty_list) and exit cleanly.
    options:
      ignore_empty_list: True
      timeout_override:
      continue_if_exception: False
      disable_action: True
    filters:
    - filtertype: pattern
      kind: prefix
      value: suricata-
      exclude:
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 10
      exclude:
 2:
    action: delete_indices
    options:
      continue_if_exception: True
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: metricbeat-
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 10
 3:
    action: delete_indices
    options:
      continue_if_exception: True
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: snmp-
       - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 10
4:
    action: delete_indices
    options:
      continue_if_exception: True
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: filebeat-
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 10
5:
    action: delete_indices
    options:
      continue_if_exception: True
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: logstash-
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 10

Have you ever met anyone with such a problem?

A recent joke about YAML formatting errors was that it should instead be labeled, "A Series of Unfortunate Indents."

The 4 and the 5 are not indented properly, and so Curator cannot make sense of the file.

1 Like

as i know ,this only test not delete the index... see the log..

Thank you for the answers, the problem was about inappropriate indents in the yaml file, just like theuntergeek wrote.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.