i'm trying come best way purge logs logstash server more 2 weeks old.
for aren't aware, logstash stores it's logs inside of elasticsearch. have great stable elk stack (elasticsearch/logstash/kibana) work.
the typical way of deleting logstash index curl command one:
#curl --user admin -xdelete http://localhost:9200/logstash-2015.06.06 enter host password user 'admin': {"acknowledged":true} now i'm looking programmatic way of changing dates in logstash index automatically purge index that's greater 2 weeks old.
i'm thinking of using bash done.
i'd appreciate examples of how or advice may have!
thanks
thanks!! think can me going using auth?
this tried far:
[root@logs:~] #curator --help | grep -i auth --http_auth text use basic authentication ex: user:pass [root@logs:~] #curator delete indices --older-than 14 --time-unit days --timestring %y.%m.%d --regex '^logstash-' --http_auth admin:secretsauce error: no such option: --http_auth [root@logs:~] #curator delete indices --older-than 14 --time-unit days --timestring %y.%m.%d --regex '^logstash-' --http_auth admin:secretsauce error: no such option: --http_auth [root@logs:~] #curator delete indices --http_auth admin:secretsauce --older-than 14 --time-unit days --timestring %y.%m.%d --regex '^logstash-' error: no such option: --http_auth
use curator. delete indexes older 14 days can run command:
curator delete indices --older-than 14 --time-unit days --timestring %y.%m.%d --regex '^logstash-' 
Comments
Post a Comment