Older data deletion in Elasticsearch

Hello,

I created an index with its fields in Kibana and I am ingesting logs into it. In the coming days I will have a lot of logs. How can I delete logs older than 7 days as an automatic task with version 7.x?

Thanks for the support,
Tania

Are you using a single index or time based ones?

Here is my index configuration, based on time series data:

{
  "mapping": {
    "properties": {
      "@timestamp": {
        "type": "date"
      },
      "@version": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }
      },
      "code_status": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }
      },
      "dial_ms": {
        "type": "float"
      },
      "dns_lookup_ms": {
        "type": "float"
      },
      "endpoint": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }
      },
      "host": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }
      },
      "message": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }
      },
      "path": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }
      },
      "receive_response_ms": {
        "type": "float"
      },
      "send_body_ms": {
        "type": "float"
      },
      "send_headers_ms": {
        "type": "float"
      },
      "total_response_time": {
        "type": "float"
      },
      "wait_for_response_ms": {
        "type": "float"
      }
    }
  }
}

It is based on the timestamp, so the old data could be cleaned up by reading this field.

So your indices have a timestamp in their name as well?

I am ingesting the data from CSV; the timestamp is created automatically by Logstash.

Hello,

Finally, is it possible to address this with Curator 5.7? Not sure if it will delete all the index data; I just want to keep the more recent data.

Best regards,
