Pruning Data From Elasticsearch
Elasticsearch provides tooling to prune index data through its Curator utility. For more information about the Curator utility, see Curator Reference.
The following is a sample invocation that you can configure through Cron to prune indexes based on timestamp in the index name.
/opt/elasticsearch-curator/curator_cli --host localhost delete_indices --filter_list ' { "filtertype": "age", "source": "name", "timestring": "%Y.%m.%d", "unit": "days", "unit_count": 10, "direction": "older” }'
Using name
as the source
tells Curator to look for a
timestring
within the index or snapshot name, and convert that into an epoch
timestamp (epoch implies UTC).
For finer-grained control over the indexes that will be pruned, you can also provide
multiple filters as an array of JSON objects to filter_list
. There is an implicit
logical AND
when chaining multiple filters.
--filter_list '[{"filtertype":"age","source":"creation_date","direction":"older","unit":"days","unit_count":13}, {"filtertype":"pattern","kind":"prefix","value":"logstash"}]'