通过策展人删除超过一个小时的弹性搜索索引
Deleting elasticsearch indices which are older than an hour via curator
我在 elasticsearch 中有一些索引,其命名格式为 elk-console-YYYY-MM-DDtHH。例如:-
elk-console-2016-03-30t14
elk-console-2016-03-30t16
我想使用 curator 删除所有超过 1 小时的索引。所以我尝试执行以下命令:-
curator --host localhost delete indices --older-than 1 --time-unit hours --timestring '%Y-%m-%dt%H'
但它给了我以下输出:-
2016-04-22 16:27:36,049 INFO Job starting: delete indices
2016-04-22 16:27:36,058 INFO Pruning Kibana-related indices to prevent accidental deletion.
2016-04-22 16:27:36,058 WARNING No indices matched provided args: {'regex': None, 'index': (), 'suffix': None, 'newer_than': None, 'closed_only': False, 'prefix': None, 'time_unit': 'hours', 'timestring': u'%Y-%m-%dt%H', 'exclude': (), 'older_than': 1, 'all_indices': False}
No indices matched provided args: {'regex': None, 'index': (), 'suffix': None, 'newer_than': None, 'closed_only': False, 'prefix': None, 'time_unit': 'hours', 'timestring': u'%Y-%m-%dt%H', 'exclude': (), 'older_than': 1, 'all_indices': False}
我还尝试执行以下命令:-
curator --host localhost delete indices --older-than 1 --time-unit hours --timestring '%Y-%m-%dt%H' --prefix elk-console-
但仍然出现以下错误:-
2016-04-22 16:48:43,848 INFO Job starting: delete indices
2016-04-22 16:48:43,856 INFO Pruning Kibana-related indices to prevent accidental deletion.
2016-04-22 16:48:43,856 WARNING No indices matched provided args: {'regex': None, 'index': (), 'suffix': None, 'newer_than': None, 'closed_only': False, 'prefix': u'elk-console-', 'time_unit': 'hours', 'timestring': u'%Y-%m-%dt%H', 'exclude': (), 'older_than': 1, 'all_indices': False}
No indices matched provided args: {'regex': None, 'index': (), 'suffix': None, 'newer_than': None, 'closed_only': False, 'prefix': u'elk-console-', 'time_unit': 'hours', 'timestring': u'%Y-%m-%dt%H', 'exclude': (), 'older_than': 1, 'all_indices': False}
有人可以帮我解决一下我应该使用哪种 timestring 格式吗?
环境:-
- 策展人 3.5.1
- 弹性搜索 - 2.3.1
你快到了,你只是错过了 --prefix option
curator --host localhost delete indices --older-than 1 --time-unit hours --timestring %Y-%m-%dt%H --prefix elk-console
问题可能是索引名称模式反映了本地时间,但 Curator 以 UTC 进行计算。解决方案是更改软件以允许时区偏移。
正如 untergeek 所解释的 here
The problem is that it's treating the t as a special character, like a
. or a -. This is the first time I've encountered anyone using this
syntax, as most people have used hyphens or dots to separate things.
I may back port the fix to 3.x, but chances are good that I will not.
I'm adding the fix to the 4.x branch now.
我在 elasticsearch 中有一些索引,其命名格式为 elk-console-YYYY-MM-DDtHH。例如:-
elk-console-2016-03-30t14
elk-console-2016-03-30t16
我想使用 curator 删除所有超过 1 小时的索引。所以我尝试执行以下命令:-
curator --host localhost delete indices --older-than 1 --time-unit hours --timestring '%Y-%m-%dt%H'
但它给了我以下输出:-
2016-04-22 16:27:36,049 INFO Job starting: delete indices
2016-04-22 16:27:36,058 INFO Pruning Kibana-related indices to prevent accidental deletion.
2016-04-22 16:27:36,058 WARNING No indices matched provided args: {'regex': None, 'index': (), 'suffix': None, 'newer_than': None, 'closed_only': False, 'prefix': None, 'time_unit': 'hours', 'timestring': u'%Y-%m-%dt%H', 'exclude': (), 'older_than': 1, 'all_indices': False}
No indices matched provided args: {'regex': None, 'index': (), 'suffix': None, 'newer_than': None, 'closed_only': False, 'prefix': None, 'time_unit': 'hours', 'timestring': u'%Y-%m-%dt%H', 'exclude': (), 'older_than': 1, 'all_indices': False}
我还尝试执行以下命令:-
curator --host localhost delete indices --older-than 1 --time-unit hours --timestring '%Y-%m-%dt%H' --prefix elk-console-
但仍然出现以下错误:-
2016-04-22 16:48:43,848 INFO Job starting: delete indices
2016-04-22 16:48:43,856 INFO Pruning Kibana-related indices to prevent accidental deletion.
2016-04-22 16:48:43,856 WARNING No indices matched provided args: {'regex': None, 'index': (), 'suffix': None, 'newer_than': None, 'closed_only': False, 'prefix': u'elk-console-', 'time_unit': 'hours', 'timestring': u'%Y-%m-%dt%H', 'exclude': (), 'older_than': 1, 'all_indices': False}
No indices matched provided args: {'regex': None, 'index': (), 'suffix': None, 'newer_than': None, 'closed_only': False, 'prefix': u'elk-console-', 'time_unit': 'hours', 'timestring': u'%Y-%m-%dt%H', 'exclude': (), 'older_than': 1, 'all_indices': False}
有人可以帮我解决一下我应该使用哪种 timestring 格式吗?
环境:-
- 策展人 3.5.1
- 弹性搜索 - 2.3.1
你快到了,你只是错过了 --prefix option
curator --host localhost delete indices --older-than 1 --time-unit hours --timestring %Y-%m-%dt%H --prefix elk-console
问题可能是索引名称模式反映了本地时间,但 Curator 以 UTC 进行计算。解决方案是更改软件以允许时区偏移。
正如 untergeek 所解释的 here
The problem is that it's treating the
tas a special character, like a.or a-. This is the first time I've encountered anyone using this syntax, as most people have used hyphens or dots to separate things.I may back port the fix to 3.x, but chances are good that I will not. I'm adding the fix to the 4.x branch now.