我们有些数据量小业务的日志是按照年保存的(index:logstash-chat-2017),但是有些数据量大的业务是按照天来保存的(index:logstash-bigchat-2017-03-02)。如果按照官方文档设置_delete_by_query,我们可不可以对以年为index:logstash-chat-2017的数据进行删除30天以前的数据?但是不影响30天以内的数据?求大神???
下面的命令可以删除7天以前的数据吗?
curl -u 用户名:密码 -H'Content-Type:application/json' -d'{
"query": {
"range": {
"@timestamp": {
"lt": "now-7d",
"format": "epoch_millis"
}
}
}
}
' -XPOST "http://127.0.0.1:9200/logstash ... ot%3B
下面的命令可以删除7天以前的数据吗?
curl -u 用户名:密码 -H'Content-Type:application/json' -d'{
"query": {
"range": {
"@timestamp": {
"lt": "now-7d",
"format": "epoch_millis"
}
}
}
}
' -XPOST "http://127.0.0.1:9200/logstash ... ot%3B
2 个回复
wyntergreg
赞同来自:
wuyinggui - elastic
赞同来自:
elasticsearch curator自动删除索引
pip install elasticsearch-curator
curator_cli --host 127.0.0.1 --port 9200 delete_indices --filter_list '[{"filtertype":"age","source":"creation_date","direction":"older","unit":"seconds","unit_count":13},{"filtertype":"pattern","kind":"prefix","value":"abc"}]'