Using Elasticsearch 5.1 and Curator version is 4.3 in Centos 7
I am having some indices in elasticsearch whose naming format is sample.data.YYYY_MM_DD , sample.file.YYYY_MM_DD
For example:-
sample.data.2019_07_22
sample.data.2019_07_23
sample.data.2019_07_25
sample.data.2019_07_26
sample.data.2019_07_28
sample.file.2019_07_21
sample.file.2019_07_25
sample.file.2019_07_26
sample.file.2019_07_29
I have used to run the action file by using the below command in Linux.
curator –config /root/config.yml /root/action_file.yml
I wanted to delete all indices except the recent index which is have created newer [ sample.data.2019_07_28, sample.file.2019_07_29 ]
This is the which i tried :-
---
actions:
1:
action: delete_indices
description: "Delete indices older than 3 days (based on index name), for workflow- prefixed indices. Ignore the error if the filter does not result in an actionable list of indices (ignore_empty_list) and exit cleanly."
filters:
-
exclude: ~
filtertype: pattern
kind: prefix
value: sample.*.
-
direction: older
exclude: ~
filtertype: age
source: name
timestring: "%Y%m%d"
unit: days
unit_count: 3
options:
continue_if_exception: false
disable_action: false
ignore_empty_list: true
timeout_override: ~
Its deleting overall indices even though i have used the below function also,
- filtertype: count
count: 4
Expected output be like :-
sample.data.2019_07_28
sample.file.2019_07_29
2
Answers
I think you should change your
timestring
fromtimestring: "%Y%m%d"
totimestring: "%Y_%m_%d"
. When I test with a dry run I get:Hope that helps.
I think you should upgrade to Curator 5.7, which fully supports Elasticsearch v5, and provides the count filter, which can sort indices by age and keep only n indices. Using the exclude flag, you can exclude the most recent index, and then use the regular age filter.