I have daily indices (created through elasticsearch), Elasticsearch is running with basic xpack configuration (TLS certificate, authentication, and https )
I'm Trying to delete 'systemlog-' indices once in 2 days.
Below are the details:
curl -XGET https://localhost:9200/_cat/indices?v -k -u elastic:changeme
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open systemlog-2020.03.11 AUd9ZMlRQqSDQ9H6zrYc9w 1 1 5 0 54.4kb 54.4kb
yellow open systemlog-2020.03.10 c8lhzY4LTH6-leGW4mFQ6w 1 1 3138 0 1.4mb 1.4mb
green open .security-7 O-MxIJ_MTyid5Rp0X_KeWw 1 0 49 0 108.1kb 108.1kb
yellow open auditlog-2020.03.09 n0eTboxMSgG6c6M2qU0eqg 1 1 58946 0 21.4mb 21.4mb
green open .kibana_task_manager_1 Fyc4SuK7Rw-gCjK744Uyew 1 0 2 2 20.1kb 20.1kb
green open .apm-agent-configuration u3Y_tUH_QkCsVsCTfClB7A 1 0 0 0 283b 283b
yellow open systemlog-2020.03.09 4IU4p_icQcuvA6SGkY1KNA 1 1 43918 0 8.3mb 8.3mb
green open .kibana_1 1IYbcSHWQ6SD611P-fNQow 1 0 6 0 31.7kb 31.7kb
yellow open auditlog-2020.03.10 G7D74ZLDSNa4HwNfjkVY7w 1 1 540 0 172kb 172kb
yellow open auditlog-2020.03.11 TM1aXlU8T0mczO-5jfVniA 1 1 190 0 65kb 65kb
Curator config file: config.yml file
client:
hosts:
- 127.0.0.1
port: 9200
url_prefix:
use_ssl: True
certificate: /etc/elasticsearch/certs/elastic-certificates.p12
client_cert:
client_key:
ssl_no_validate: False
http_auth: elastic:changeme
timeout: 30
master_only: False
logging:
loglevel: DEBUG
logfile:
logformat: default
blacklist: ['elasticsearch', 'urllib3']
Action file: action_file.yml
actions:
1:
action: delete_indices
description:
options:
ignore_empty_list: True
disable_action: False
filters:
- filtertype: pattern
kind: prefix
value: systemlog-
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 2
Kindly review my yml files and let me know what changes are required to delete indices.
Currently, I'm unable to delete systelog-* indices.