Why?
You can use curator to manipulate elastic search indices. For example shrink or delete old ones.
Install
After installing elasticsearch in debian based:
Maker sure to add source to list (or you may have an old version installed instead):
Add to /etc/apt/sources.list.d/:
deb [arch=amd64] https://packages.elastic.co/curator/5/debian stable main
Then run:
apt-get update apt-get install elasticsearch-curator
Create config file (~/.curator/curator.yml)
client:
hosts:
- 127.0.0.1
port: 9200
url_prefix:
use_ssl: False
certificate:
client_cert:
client_key:
ssl_no_validate: False
http_auth:
timeout: 30
master_only: False
logging:
loglevel: INFO
logfile:
logformat: default
blacklist: ['elasticsearch', 'urllib3']
Create action file(s)
For example, to delete old indices (~/delete-indices.yml):
actions:
1:
action: delete_indices
description: >-
Delete logstash indices older than 7 days (based on index name)
options:
ignore_empty_list: True
disable_action: False
filters:
- filtertype: pattern
kind: prefix
value: logstash-
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 7
2:
action: delete_indices
description: >-
Delete all indices older than 30 days
options:
ignore_empty_list: True
disable_action: False
filters:
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 30
Execute Action
curator --dry-run ~/delete-indices.yml