ELK: script to delete indices older than 30 days

Script approach

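#!/bin/bash

# List the indices (the URL is quoted so the shell does not glob on "?")
curl -s -XGET 'http://172.21.91.64:9200/_cat/indices?v' -w '\n'

# Keep only the log indices from the last 30 days (delete the indices for the day 30 days ago)
retain_time=$(date -d "30 days ago" +%Y.%m.%d)
echo "${retain_time}"
es_api="http://172.21.91.64:9200/*-${retain_time}"
echo "${es_api}"

# Delete the indices for the day 30 days ago (no password)
#curl -XDELETE "${es_api}"
# Delete the indices for the day 30 days ago (with password)
# The credential sits in the script in clear text and, over http, crosses the network unencrypted.
curl --user elastic:a4NDeiXSFTwaUVBSBIJV -XDELETE "${es_api}" -w '\n'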

Verify:

curl 'http://172.21.91.64:9200/*-2021.11.16'
curl -s -XGET 'http://172.21.91.64:9200/_cat/indices?v'    # check how much space the stored indices use
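
The script above removes only the indices dated exactly 30 days back, so a skipped run leaves that day's indices in place. The following added example (not part of the original post) goes further: it deletes every index whose date suffix is on or before the cutoff, each by its exact name. ES_URL, ES_PASSWORD, the function names and the sample index names are assumptions.

```bash
#!/bin/bash
# Added example: delete every dated index on or before the cutoff, by exact name.

# Constructed sample of `_cat/indices?h=index` output (names are made up).
sample_indices() {
  printf '%s\n' \
    'filebeat-2021.11.14' \
    'filebeat-2021.11.15' \
    'filebeat-2021.11.16' \
    'auditbeat-7.15.0-2021.11.16-000001' \
    '.kibana_1' \
    'metricbeat-2021.12.01'
}

# Read index names on stdin; print those whose name ends in -YYYY.MM.DD
# with a date on or before the cutoff given as $1 (same format).
# System indices and ILM rollover indices (-000001 suffix) never match.
expired_indices() {
  cutoff_num=$(printf '%s' "$1" | tr -d '.')
  while read -r name; do
    case $name in
      *-[0-9][0-9][0-9][0-9].[0-9][0-9].[0-9][0-9]) ;;
      *) continue ;;
    esac
    day_num=$(printf '%s' "${name##*-}" | tr -d '.')
    if [ "$day_num" -le "$cutoff_num" ]; then
      printf '%s\n' "$name"
    fi
  done
  return 0
}

# ES_URL and ES_PASSWORD are assumed environment variables, so the
# credential is not stored in the script itself.
purge() {
  cutoff=$(date -d "30 days ago" +%Y.%m.%d)
  curl -s --user "elastic:${ES_PASSWORD:?}" "${ES_URL:?}/_cat/indices?h=index" |
    expired_indices "$cutoff" |
    while read -r idx; do
      # Exact names are accepted even when wildcard deletes are disabled
      # (action.destructive_requires_name: true).
      curl -s --user "elastic:${ES_PASSWORD}" -XDELETE "${ES_URL}/${idx}" -w '\n'
    done
}

# Touch the cluster only when invoked with --run; otherwise just define functions.
if [ "${1:-}" = "--run" ]; then
  purge
fi
```

Piping `sample_indices` into `expired_indices 2021.11.16` previews the selection without contacting a cluster.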

Console approach

PUT _ilm/policy/auditbeat
{
  "policy": {
    "phases": {
      "hot": {
        "min_age": "0ms",
        "actions": {
          "rollover": {
            "max_size": "50gb",
            "max_age": "30d"
          }
        }
      },
      "delete": {
        "min_age": "30d",
        "actions": {
          "delete": {}
        }
      }
    }
  }
}

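Only by tinkering hard do you get better results! If anything here is wrong, please do not hesitate to correct me, thank you! Please credit the source when reposting.
Original article: https://www.cnblogs.com/huanglingfa/p/15698090.html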