Hello,
I would like to delete Elasticsearch documents older than 24 hours
and put this inside cron.
What is the query to delete Elasticsearch documents older than 24 hours?
My ELK server receives logs from 4 nginx servers.
I just want to keep the last 24 hours of logs,
and the rest will be erased.
curl -XDELETE 'http://localhost:9200/filebeat-2018.02.07/_query' -d '
{
  "query": {
    "filtered" : {
      "query" : {
        "term" : { "termName" : "termValue" }
      },
      "filter" : {
        "range" : { "@timestamp" : { "lt" : "now-30d" }}
      }
    }
  }
}'
Something like that
Why doesn't anyone answer?
Read this and specifically the "Also be patient" part.
Here is the documentation for the delete by query: https://www.elastic.co/guide/en/elasticsearch/reference/6.2/docs-delete-by-query.html
Thank you.
I solved the problem using this command:
curator_cli --host 127.0.0.1 --timeout 300 --port 9200 --http_auth elastic:changeme delete_indices --filter_list '[{"filtertype":"age", "source":"name", "direction":"older", "unit":"days", "unit_count":1, "timestring":"%Y.%m.%d"}]'
I just want to put this command inside cron or crontab?
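An added example, not code from any poster in this thread: a cron-ready shell script that prunes the daily `filebeat-YYYY.MM.DD` indices by name, keeps the index containing the 24-hour cutoff so a full day of logs always remains, and reads credentials from a netrc file instead of the command line. `ES_URL`, the netrc path and the script path are assumptions.

```shell
#!/bin/sh
# Added example (constructed): prune daily filebeat-YYYY.MM.DD indices from cron.
# ES_URL, NETRC and the script path below are assumptions, not from the thread.
ES_URL="${ES_URL:-http://127.0.0.1:9200}"
NETRC="${NETRC:-/etc/es-prune.netrc}"  # hypothetical file, mode 600, holds login

# cutoff_day HOURS [NOW_EPOCH]: print YYYYMMDD (UTC) of the day that contains
# NOW minus HOURS. Uses date -d @SECONDS (GNU coreutils or BusyBox).
cutoff_day() {
  now="${2:-$(date +%s)}"
  date -u -d "@$((now - $1 * 3600))" +%Y%m%d
}

# select_expired PREFIX CUTOFF: read index names on stdin and print those named
# exactly PREFIX-YYYY.MM.DD whose day is strictly before CUTOFF (YYYYMMDD).
# The index holding the cutoff instant is kept, so 24 hours always remain.
select_expired() {
  while read -r name; do   # default IFS trims any padding around the name
    case "$name" in
      "$1"-[0-9][0-9][0-9][0-9].[0-9][0-9].[0-9][0-9])
        day=$(printf '%s' "${name#"$1"-}" | tr -d .)
        if [ "$day" -lt "$2" ]; then printf '%s\n' "$name"; fi ;;
    esac
  done
}

# prune: list the filebeat indices and delete the expired ones. A failed
# listing yields no names, so nothing is deleted on an auth or network error.
prune() {
  cutoff=$(cutoff_day 24) || return 1
  curl -sS --fail --netrc-file "$NETRC" "$ES_URL/_cat/indices/filebeat-*?h=index" |
    select_expired filebeat "$cutoff" |
    while read -r idx; do
      curl -sS --fail --netrc-file "$NETRC" -XDELETE "$ES_URL/$idx" >/dev/null &&
        echo "deleted $idx"
    done
}

# Only touch the cluster when asked to, e.g. from an hourly crontab entry:
#   5 * * * * /usr/local/bin/prune-filebeat.sh --run
if [ "${1:-}" = "--run" ]; then prune; fi
```

Names that do not match the daily pattern exactly (for example `.kibana` or a reindexed copy with a suffix) are never selected for deletion.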