Using ElasticSearch Curator to delete logs older than 7 days on a schedule
2023-11-06 · via 运维 on 打工人日志


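Background

Curator is a tool officially released by Elastic for managing Elasticsearch indices; it can handle many index lifecycle management tasks.
I am using Elasticsearch 8.0 or later, so I installed the latest version of Curator directly; the server runs CentOS 7.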

Binary installation

Download

wget https://packages.elastic.co/curator/5/centos/7/Packages/elasticsearch-curator-5.8.4-1.x86_64.rpm

Install curator

rpm -ivh elasticsearch-curator-5.8.4-1.x86_64.rpm
curator --version

Enter the installation directory and create the log file

cd /opt/elasticsearch-curator
mkdir log
cd log
touch run.log

Create the config.yml file in the log directory

A sample config.yml follows. For the configuration options, see the official documentation: config.yml

# Remember, leave a key empty if there is no value.  None will be a string,
# not a Python "NoneType"
client:
  hosts:
    - 192.168.10.17  # Elasticsearch IP address
  port: 9200
  url_prefix:
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  ssl_no_validate: False
  # Stored in plaintext: keep this file readable only by the user that runs curator
  http_auth: elastic:password # password for the elastic user; omit if there is none
  timeout: 30
  master_only: False

logging:
  loglevel: INFO
  logfile: /opt/elasticsearch-curator/log/run.log
  logformat: default
  blacklist: ['elasticsearch', 'urllib3']

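Create elk-7-action.yml to automatically delete all logs older than 7 days

A sample elk-7-action.yml follows. For the configuration options, see the official documentation: action.yml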

# Remember, leave a key empty if there is no value.  None will be a string,
# not a Python "NoneType"
#
# Also remember that all examples have 'disable_action' set to True.  If you
# want to use this action as a template, be sure to set this to False after
# copying it.
actions:
  1:
    action: delete_indices
    description: >-
      Delete indices older than 7 days (based on index creation_date)
    options:
      timeout_override:
      continue_if_exception: False
      disable_action: False
    filters:
    - filtertype: age
      source: creation_date
      direction: older
      unit: days
      unit_count: 7

Run

curator --config /opt/elasticsearch-curator/log/config.yml /opt/elasticsearch-curator/log/elk-7-action.yml

Scheduled execution

crontab -e
0 0 * * * curator --config /opt/elasticsearch-curator/log/config.yml /opt/elasticsearch-curator/log/elk-7-action.yml

Save and exit with wq to store the cron job.
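
A narrower variant of elk-7-action.yml, added here as an example and not part of the original post: it places a pattern filter ahead of the age filter so that only indices with a given prefix are deleted, because an action file with only an age filter selects every index older than 7 days. The prefix logstash- is an assumption; replace it with your own log index prefix.

```yaml
# Added example, not from the original post.
# Assumption: log indices are named with the prefix "logstash-"; change the
# value below to match your own index naming.
actions:
  1:
    action: delete_indices
    description: >-
      Delete only indices whose name starts with logstash- and that are older
      than 7 days (based on index creation_date)
    options:
      # Do not treat "nothing matched" as an error on days with nothing to delete.
      ignore_empty_list: True
      timeout_override:
      continue_if_exception: False
      disable_action: False
    filters:
    # Filters are applied in order; each one narrows the list further.
    - filtertype: pattern
      kind: prefix
      value: logstash-
      exclude:
    - filtertype: age
      source: creation_date
      direction: older
      unit: days
      unit_count: 7
```

Running curator with --dry-run ahead of the same --config and action file arguments logs which indices would be deleted without deleting anything, which is a useful check before the cron job is enabled.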

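Summary

Curator is suited to indices created by time, by template, or by similar schemes; it is not suited to scenarios where a single index stores a long history of data.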