Specific retention duration for logs (Index Lifecycle Policy)

Hi guys,

I would need some help with Index Lifecycle Policies and their setup.

I need to set up winlogbeat to store data for X days and delete it afterward. Simple as that.
Tried different configurations in ILM but I can't force it to delete.

The policy now is just a Hot phase, and after 80 days delete:

PUT _ilm/policy/winlogbeat
{
  "policy": {
    "phases": {
      "hot": {
        "min_age": "0ms",
        "actions": {
          "set_priority": {
            "priority": 100
          }
        }
      },
      "delete": {
        "min_age": "80d",
        "actions": {
          "delete": {
            "delete_searchable_snapshot": true
          }
        }
      }
    }
  }
}

Tried Hot, Warm, Delete having them on separate Instances but that didn't do the trick either.

Is there a command that I need to run to reapply the adjusted policy on indices? If so, what command and where to run it?

Thanks a lot in advance!

Did you follow this guide: Implementing Hot-Warm-Cold in Elasticsearch with Index Lifecycle Management | Elastic Blog?
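Added example, not part of the thread: a retention check that compares the policy from the question with output shaped like `GET winlogbeat-*/_ilm/explain`, showing which indices the 80-day delete phase actually covers. The index names, timestamps and the `retention_report` helper are constructed for illustration; it assumes age is counted from `lifecycle_date_millis` (index creation when the policy has no rollover action).

```python
import re

# Policy from the question above (hot phase only, delete at 80d).
POLICY = {"policy": {"phases": {
    "hot": {"min_age": "0ms", "actions": {"set_priority": {"priority": 100}}},
    "delete": {"min_age": "80d",
               "actions": {"delete": {"delete_searchable_snapshot": True}}},
}}}

NOW_MS = 1_700_000_000_000   # constructed "current time"
DAY_MS = 86_400_000

# Constructed sample in the shape of an _ilm/explain response.
EXPLAIN = {"indices": {
    "winlogbeat-sample-000001": {"managed": True, "policy": "winlogbeat",
                                 "lifecycle_date_millis": NOW_MS - 95 * DAY_MS},
    "winlogbeat-sample-000002": {"managed": True, "policy": "winlogbeat",
                                 "lifecycle_date_millis": NOW_MS - 10 * DAY_MS},
    "winlogbeat-sample-000003": {"managed": False},
    "winlogbeat-sample-000004": {"managed": True, "policy": "other",
                                 "lifecycle_date_millis": NOW_MS - 120 * DAY_MS},
}}

_UNITS_MS = {"ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": DAY_MS}


def to_millis(value):
    """Convert an ILM time value such as '80d' or '0ms' to milliseconds."""
    match = re.fullmatch(r"(\d+)(ms|s|m|h|d)", value)
    if not match:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(match.group(1)) * _UNITS_MS[match.group(2)]


def retention_report(policy, policy_name, explain, now_ms):
    """Classify each index against the policy's delete phase."""
    delete_after = to_millis(policy["policy"]["phases"]["delete"]["min_age"])
    report = {}
    for name, info in explain["indices"].items():
        if not info.get("managed"):
            report[name] = "unmanaged"      # no policy attached: never deleted
        elif info.get("policy") != policy_name:
            report[name] = "other-policy"   # governed by a different policy
        elif now_ms - info["lifecycle_date_millis"] >= delete_after:
            report[name] = "overdue"        # past min_age but still present
        else:
            report[name] = "retained"       # inside the retention window
    return report
```

Indices reported as `unmanaged` or `other-policy` are outside the 80-day rule regardless of how the policy itself is written.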
