Code Snippet

Just another Code Snippet site

#2260

[How-To] ELK

OLIVIER COMBE | How-To | 2

Elasticsearch commands :

Create simple lifecycle policy with a retention of 30 days :

curl -XPUT http://${host}/_ilm/policy/delete-older-than-30-days -H 'Content-Type: application/json' -d '
{"policy":{"phases":{"hot":{"min_age":"0ms","actions":{"set_priority":{"priority":100}}},"delete":{"min_age":"30d","actions":{"delete":{}}}}}}
'

Create a simple template with Lifecycle policy:

curl -XPUT http://${host}/_template/template_TEMPLATE_NAME -H 'Content-Type: application/json' -d '
{"order":0,"index_patterns":["index-pattern-1-*", "index-pattern-2-*", "index-pattern-3-*"],"settings":{"index":{"lifecycle":{"name":"delete-older-than-30-days"},"blocks":{"read_only_allow_delete":"false"}}},"mappings":{},"aliases":{}}
'

Enable read/write on all indexes:

curl -XPUT http://${host}/_all/_settings?pretty -H 'Content-Type: application/json' -d '
{"index.blocks.read_only_allow_delete": false}
'

Create lifecycle policy with a retention of 10 days and a rollowver of 5 days :

curl -XPUT http://${host}/_ilm/policy/rollover-5-days-delelte-10-days -H 'Content-Type: application/json' -d '
{
  "policy": {
    "phases": {
      "hot": {
        "min_age": "0ms",
        "actions": {
          "rollover": {
            "max_age": "5d",
            "max_size": "5gb"
          },
          "set_priority": {
            "priority": 100
          }
        }
      },
      "warm": {
        "min_age": "5d",
        "actions": {
          "readonly": {},
          "set_priority": {
            "priority": 50
          }
        }
      },
      "delete": {
        "min_age": "10d",
        "actions": {
          "delete": {}
        }
      }
    }
  }
}
'






						
, , , , , 

			

			

				
				
			

		

			

				






	
			
2 thoughts on “[How-To] ELK

		
    
				
  • 
				
    
				
    
						OLIVIER COMBE says:		
    
		
		
    
			15/02/2021 at 13:17		
    

		
    CURATOR : 
    

    Add Yum repo : 
    

    [curator-5]
name=CentOS/RHEL 7 repository for Elasticsearch Curator 5.x packages
baseurl=https://packages.elastic.co/curator/5/centos/7
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

    

    Install
    

    yum install -y elasticsearch-curator

    

    List APM Indices : 
    

    curator_cli --host localhost show_indices --filter_list '[{"filtertype":"pattern","kind":"prefix","value":"apm-"}]'

    

    Delete any span indices older than 1 day:
    

    curator_cli --host localhost delete_indices --filter_list '[{"filtertype":"pattern","kind":"prefix","value":"apm-7.11.0-span-"}, {"filtertype":"age","source":"name","timestring":"%Y.%m.%d","unit":"days","unit_count":1,"direction":"older"}]'

    

		
    Reply
    
				
    
		
    • 
		
  • 
				
    
				
    
						OLIVIER COMBE says:		
    
		
		
    
			07/04/2022 at 09:51		
    

		
    Error “this cluster currently has [1000]/[1000] maximum shards open”
    

    curl -X PUT localhost:9200/_cluster/settings -H "Content-Type: application/json" -d '{ "persistent": { "cluster.max_shards_per_node": "3000" } }'

    

		
    Reply
    
				
    
		
    • 
		

	
	

		

		
Leave a Reply 
			

				
Your email address will not be published. Required fields are marked *