elasticsearch-curator解决什么问题

自动化清理es索引

版本对应的es

https://www.elastic.co/guide/en/elasticsearch/client/curator/current/version-compatibility.html

安装

pip3 install elasticsearch-curator

使用

#获取所有索引
curator_cli --host 10.33.4.160 --port 9200 show_indices --verbos


#configuration配置文件
---
# Remember, leave a key empty if there is no value.  None will be a string,
# not a Python "NoneType"
client:
  hosts:
    - 10.33.4.160
  port: 9200
  url_prefix:
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  ssl_no_validate: False
  http_auth:
  timeout: 30
  master_only: False

logging:
  loglevel: INFO
  logfile: /var/log/curator.log
  logformat: default
  blacklist: ['elasticsearch', 'urllib3']
  
#定时任务
0 14 * * * curator --config ~/.curator/curator.yml ~/.curator/action.yml & >/dev/null 2>&1

client:
  hosts:
    - 172.16.0.137
  port: 9200
  url_prefix:
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  ssl_no_validate: False
  http_auth:
  timeout: 30
  master_only: False

logging:
  loglevel: INFO
  logfile: /export/logs/curator.log
  logformat: default
  blacklist: ['elasticsearch', 'urllib3']

actions:
  7:
    action: delete_indices
    description: "Delete indices older than 180 days (based on index name), for logstash- prefixed indices."
    options:
      timeout_override:
      continue_if_exception: False
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: hdgg_nginx_access-
    - filtertype: age
      source: name
      direction: older
      unit: days
      unit_count: 90
      timestring: '%Y.%m.%d'


  14:
    action: delete_indices
    description: >-
      Close indices older than 30 days (based on index name), for syslog-
      prefixed indices.
    options:
      timeout_override:
      continue_if_exception: False
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: cdn-log-
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 180
      

actions:
  1:
    action: close
    description: >-
      Close indices older than 30 days (based on index name), for syslog-
      prefixed indices.
    options:
      ignore_empty_list: True
      delete_aliases: False
#      disable_action: True
    filters:
    - filtertype: pattern
      kind: prefix
      value: auditlog-
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y-%m-%d'
      unit: days
      unit_count: 15


  22:
    action: delete_indices
    description: "Delete indices older than 30 days (based on index name), for adx-stat- prefixed indices."
    options:
      timeout_override:
      continue_if_exception: False
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: adx-stat-
    - filtertype: age
      source: name
      direction: older
      unit: days
      unit_count: 15
      timestring: '%Y.%m.%d'
      
#一次性执行

很直观的配置，每个参数的含义都很清楚。这里需要指出的是，如果不配置参数的话，留空，即可，不要画蛇添足的写None。

另外，logfile如果不填的话，默认是输出到stdout。推荐是存储到文件中。如上例。