我想删除所有比今天早30天的日志示例logstash文件名在
之下logstash-2016-11-30
是否有任何配置我可以设置一个值,通过它自动删除旧数据。
哪个是更好的选项配置(* .yml)文件或触发查询。
答案 0 :(得分:2)
对于Curator 4.1.2,您可以使用crontab上的下一行:
00 00 * * * curator --config /etc/logstash/curator/curator.yml /etc/logstash/curator/delete
/etc/logstash/curator/curator.yml就像
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
client:
hosts:
- 127.0.0.1
port: 9200
url_prefix:
use_ssl: False
certificate:
client_cert:
client_key:
aws_key:
aws_secret_key:
aws_region:
ssl_no_validate: False
http_auth:
timeout: 30
master_only: False
logging:
loglevel: INFO
logfile:
logformat: default
blacklist: ['elasticsearch', 'urllib3']
和/ etc / logstash / curator / delete就像:
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
#
# Also remember that all examples have 'disable_action' set to True. If you
# want to use this action as a template, be sure to set this to False after
# copying it.
actions:
1:
action: delete_indices
description: >-
#Delete older than 30 days
options:
ignore_empty_list: True
timeout_override:
continue_if_exception: False
disable_action: False #True
filters:
- filtertype: pattern
kind: prefix
value: logstash-
exclude:
- filtertype: age
source: creation_date
direction: older
unit: days
unit_count: 30
exclude:
您可以创建新动作并使用其他“年龄”过滤器,例如秒,分钟......