diff --git a/elk/README.md b/elk/README.md index 5de564f..6ea0608 100644 --- a/elk/README.md +++ b/elk/README.md @@ -4,3 +4,34 @@ ELK - Elasticsearch - Logstash - Kibana + +## Delete indices older than 7 days + +```yaml +--- +actions: + 1: + action: delete_indices + description: >- + Delete indices older than 7 days (based on index name), for logstash- + prefixed indices. Ignore the error if the filter does not result in an + actionable list of indices (ignore_empty_list) and exit cleanly. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: prefix + value: logstash- + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: 7 +``` + +```bash +$ pip install elasticsearch-curator +$ curator delete-indices.yml +``` diff --git a/elk/delete-indices.yml b/elk/delete-indices.yml new file mode 100644 index 0000000..8439fb9 --- /dev/null +++ b/elk/delete-indices.yml @@ -0,0 +1,21 @@ +--- +actions: + 1: + action: delete_indices + description: >- + Delete indices older than 7 days (based on index name), for logstash- + prefixed indices. Ignore the error if the filter does not result in an + actionable list of indices (ignore_empty_list) and exit cleanly. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: prefix + value: logstash- + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: 7