Curator 5.5.1 Problem


#1

Hello, I have a question about the compatibility of curator 5.5.1 with elasticsearch 6.2.3. I created curator.yml and action.yml. When trying to run the curator with the command curator --config /home/rejnet/curator/curator.yml --dry-run /home/rejnet/curator/delete_index.yml
nothing happens.

curator,yml :

---
client:
  hosts:
    - 192.168.2.2
  port: 9200
  url_prefix:
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  ssl_no_validate: False
  http_auth:
  timeout: 30
  master_only: False

logging:
  loglevel: INFO
  logfile:
  logformat: default
  blacklist: []

delete_index.yml :

---
# Remember, leave a key empty if there is no value.  None will be a string,
# not a Python "NoneType"
#
# Also remember that all examples have 'disable_action' set to True.  If you
# want to use this action as a template, be sure to set this to False after
# copying it.
actions:
  1:
    action: delete_indices
    description: >-
      Delete indices older than 10 days (based on index name), for suricata-
      prefixed indices. Ignore the error if the filter does not result in an
      actionable list of indices (ignore_empty_list) and exit cleanly.
    options:
      ignore_empty_list: True
      timeout_override:
      continue_if_exception: False
      disable_action: True
    filters:
    - filtertype: pattern
      kind: prefix
      value: suricata-
      exclude:
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 10
      exclude:
 2:
    action: delete_indices
    options:
      continue_if_exception: True
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: metricbeat-
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 10
 3:
    action: delete_indices
    options:
      continue_if_exception: True
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: snmp-
       - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 10
4:
    action: delete_indices
    options:
      continue_if_exception: True
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: filebeat-
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 10
5:
    action: delete_indices
    options:
      continue_if_exception: True
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: logstash-
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 10

Have you ever met anyone with such a problem?


(Aaron Mildenstein) #2

A recent joke about YAML formatting errors was that it should instead be labeled, "A Series of Unfortunate Indents."

The 4 and the 5 are not indented properly, and so Curator cannot make sense of the file.


(andy_zhou) #3

as i know ,this only test not delete the index... see the log..


#4

Thank you for the answers, the problem was about inappropriate indents in the yaml file, just like theuntergeek wrote.


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.