Hello all,
Thanks in advance
I want to delete the logs which are older 3 days from my elastic search index
I have read about curator and have few doubts pertaining to it. I was wondering what exactly rollover option does in curator and what configuration changes needs to be done in elasticsearch.yml to make this option work.
Do I have to create a new index with this option or can I use the existing indices to accommodate my need
It simply executes the Rollover API.
Nothing needs to be changed in elasticsearch.yml. It's only a series of normal API calls. Please refer to the Rollover API documentation to see how to create your initial index & alias.
if i have created an initial index using the logstash.conf will that impact the proceeding
I do have a index already created using the logstash.conf which i want use it, is that possible
That will depend on the index name, and whether you can point an alias at it.
I have my indices created per day basis my intent is to store 30 days of logs at any give point of time
example:06/12/2018-07/11/2018
on 07/12 i want to delete 06/12
can i use curator to achieve this
Yes. But if you're doing daily indices, you don't need Rollover. You can just use the regular age filter to catch indices older than a set number of days.
Hey @theuntergeek
If I don't want to use the curator is there way to delete time based indices
i have indices created per day and want to delete indices which are older than 30 days
Will there be any performance impact
Sure. Write your own script that makes the API calls you want.
There would be a performance impact for keeping indices for a longer period of time, but generally not an impact for deleting them.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.