ELK study notes the Elasticsearch delete the specified date data (+ script timed tasks)

Others 2019-11-27 18:56:16 views: null

0x00 Overview

Currently ES version is 6.3.x, after a long period of accumulation, within the ES more and more data, you need to delete the log before the specified log.

For example, only requires 60 days of the log, then it would drop all indexes and logs 60 days before.

 

Before the day XX 0x01 ES delete indexes and data

# ! / Bin / SH 
# ES version 6.3.x 


function delIndex () 
{ 
        # Index Enter the name you want to delete here, for example, to delete filebeat-xxx index log, here to enter 'filebeat-' 
        index_name = $ 1 # the number of days here enter data retention, for example, you want to keep the last 60 days of data, here to enter 60 
        savedays = $ 2 # $ 3 variable is the number of days, for example, you want to keep 60 days of data, enter here 90, it is to be deleted first 60 to 90 days of data of this time, 60 <= 90 the while [savedays -le $ $. 3 ] 
        do # where es is the index date format, some 2019.11.26, some 2019-11-26 
                format_day = ' % the Y .% m.% D ' # format_day ='% Y-M-% D% ' # timestamp part by the index date command here, e.g. 2019.11.26 or 2019-11-26 
                sevendayago = `date -d "
        
        
        
                
                
                
                - $ {} savedays Day " + $ {}` format_day 
                
                # index up a complete data es Here, the data format or filebeat-2019.11.26-2019-11-26 filebeat 
                index = $ $ index_name sevendayago
                 # echo $ sevendayago 
                echo index $ 
                curl -XDELETE " http://127.0.0.1:9200/${index} " 
                # Exit 0 
                
                # delete index finished day 60, day 61 to start deleting the index until the first 90 days 
                savedays = `expr savedays. 1 + $ ` 
        DONE 
} 

# before deleting index close to the index, and then delete the index 
# logic logically consistent with the above to delete 
function closeIndex () 
{ 
        index_name=$1
        savedays=$2
        while [ $savedays -le $3 ]
        do

                format_day='%Y.%m.%d'
                #format_day='%Y-%m-%d'
                sevendayago=`date -d "-${savedays} day " +${format_day}`
                index=$index_name$sevendayago
                #echo $sevendayago
                echo $index
                curl -XPOST "http://127.0.0.1:9200/${index}/_close?pretty"
                #exit 0
                expr $ = `savedays savedays. 1 + ` 
        DONE 
} 

# close to Day 60 Day 90 Index 
closeIndex 'filebeat-' 60 90 # Remove the 60th day to the 90th day index 
deleteIndex 'filebeat-' 60 90

 

0x03 summary

The above shell script content can be made by adding crontab regular tasks.

 

Guess you like

Origin www.cnblogs.com/JetpropelledSnake/p/11944381.html
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com