This is our current curator actionfile:
actions: 1: action: delete_indices description: "Delete indices over 7 days old." options: ignore_empty_list: True filters: - filtertype: age source: name direction: older timestring: '%Y.%m.%d' unit: days unit_count: 7 exclude: False - filtertype: pattern kind: regex value: '^.*string1*' exclude: True - filtertype: pattern kind: regex value: '^.*string2*' exclude: True - filtertype: pattern kind: regex value: '^.*string3*' exclude: True
So the idea is that this should delete all indices OVER 7 days old EXCEPT indices containing string1, string2, or string3. However, running a _cat/indices on my cluster, I am seeing a number of old indices which don't contain those string values, but curator returns this:
2017-02-14 03:27:47,968 INFO Preparing Action ID: 1, "delete_indices" 2017-02-14 03:27:47,977 INFO Trying Action ID: 1, "delete_indices": Delete indices over 7 days old. 2017-02-14 03:27:48,055 INFO Skipping action "delete_indices" due to empty list: <class 'curator.exceptions.NoIndices'> 2017-02-14 03:27:48,055 INFO Action ID: 1, "delete_indices" completed. 2017-02-14 03:27:48,055 INFO Job completed.
I am 100% sure that none of those indices names contain the values "string1", "string2", or "string3", and all of them are named using the appropriate date-naming convention, ex.
This is my curator.yml file:
client: hosts: - HOST_IP port: 9200 timeout: 900 master_only: True
Is my curator filter written correctly for my goal?? It appears to me to be so, and I thought it had worked in the past but I'm unclear as to why it is not functioning now. Are there other checks I can run to see more in-depth what is happening when I run curator??