问题描述

我以Logstash-Year-Week格式索引了许多我的日志。那就是如果我想删除几周以前的索引，那我怎么能在弹性搜索中实现呢？有没有一个简单，无缝的方式来做到这一点？

I have the many of my logs indexed in logstash-Year-Week format. That is if i want to delete indices older than a few weeks, how can I achieve that in elasticsearch. Is there an easy, seamless way to do that?

推荐答案

策展人将是一个理想的比赛。
您可以在这里找到链接 -

Curator would be an ideal match here.You can find the link here - https://github.com/elastic/curator

以下命令应该可以正常工作 -

A command like below should work just fine -

curator --host <IP> delete indices --older-than 30 --prefix "twitter-" --time-unit days  --timestring '%Y-%m-%d'

您可以在CRON中保留，以便偶尔删除索引。

You can keep in this in the CRON for removing the indices occasionally.

您可以在这里找到一些例子和文档 -

You can find some examples and docs here - https://www.elastic.co/guide/en/elasticsearch/client/curator/current/examples.html

这篇关于去除弹性材料中的旧指数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！