Hi All, what will be the best approach to implement policy where only last 3months of logs are being kept and analysed in the elasticsearch?
I'm currently testing curator- any advise on best approach?
Thanks a lot guys.
Cheers, Tomek
Curator is 100% the best option.
Thanks Mark, any recommendations on the commands I can use to keep logs for only certain time? I'm using curator version 3.5.1
Cheers, Tomek
https://www.elastic.co/guide/en/elasticsearch/client/curator/3.5/index.html is the best bet for that, I'd have to refer to it anyway 
That's fine Mark, no probs, I will digest the document and try to figure out some commands,
Will share the most useful in this thread,
Cheers, Tomek