Hi guys,
I would need some help with Index Lifecycle Policies, and it's setup.
I need to set up winlogbeat to store data for X days and delete it afterward. Simple as that.
Tried different configurations in ILM but I can't force it to delete.
The policy now is just a Hot phase, and after 80 days delete:
PUT _ilm/policy/winlogbeat
{
"policy": {
"phases": {
"hot": {
"min_age": "0ms",
"actions": {
"set_priority": {
"priority": 100
}
}
},
"delete": {
"min_age": "80d",
"actions": {
"delete": {
"delete_searchable_snapshot": true
}
}
}
}
}
}
Tried Hot, Warm, Delete having them on separate Instances but that didn't do the trick either.
Is there a command that I need to run to reapply the adjusted policy on indices? If so what command and where to run it?
Thanks a lot in advance!