Delete old elasticsearch indexes (TLS, auth enabled for elasticsearch) using curator

I have daily indices (created through elasticsearch), Elasticsearch is running with basic xpack configuration (TLS certificate, authentication, and https )

I'm Trying to delete 'systemlog-' indices once in 2 days.

Below are the details:

curl -XGET https://localhost:9200/_cat/indices?v -k -u elastic:changeme

health status index uuid pri rep docs.count docs.deleted store.size
yellow open systemlog-2020.03.11 AUd9ZMlRQqSDQ9H6zrYc9w 1 1 5 0 54.4kb 54.4kb
yellow open systemlog-2020.03.10 c8lhzY4LTH6-leGW4mFQ6w 1 1 3138 0 1.4mb 1.4mb
green open .security-7 O-MxIJ_MTyid5Rp0X_KeWw 1 0 49 0 108.1kb 108.1kb
yellow open auditlog-2020.03.09 n0eTboxMSgG6c6M2qU0eqg 1 1 58946 0 21.4mb 21.4mb
green open .kibana_task_manager_1 Fyc4SuK7Rw-gCjK744Uyew 1 0 2 2 20.1kb 20.1kb
green open .apm-agent-configuration u3Y_tUH_QkCsVsCTfClB7A 1 0 0 0 283b 283b
yellow open systemlog-2020.03.09 4IU4p_icQcuvA6SGkY1KNA 1 1 43918 0 8.3mb 8.3mb
green open .kibana_1 1IYbcSHWQ6SD611P-fNQow 1 0 6 0 31.7kb 31.7kb
yellow open auditlog-2020.03.10 G7D74ZLDSNa4HwNfjkVY7w 1 1 540 0 172kb 172kb
yellow open auditlog-2020.03.11 TM1aXlU8T0mczO-5jfVniA 1 1 190 0 65kb 65kb

Curator config file: config.yml file

port: 9200
use_ssl: True
certificate: /etc/elasticsearch/certs/elastic-certificates.p12
ssl_no_validate: False
http_auth: elastic:changeme
timeout: 30
master_only: False

loglevel: DEBUG
logformat: default
blacklist: ['elasticsearch', 'urllib3']

Action file: action_file.yml

action: delete_indices
ignore_empty_list: True
disable_action: False
- filtertype: pattern
kind: prefix
value: systemlog-
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 2

Kindly review my yml files and let me know what changes are required to delete indices.
Currently, I'm unable to delete systelog-* indices.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.