上篇,ES配置生命周期策略(一)只是根據官網驗證了demo,
本篇給出實際工作中的使用,供參考
步驟是四步(前三步相同):
1、配置策略(policy)
PUT _ilm/policy/ehr_prod_log_policy { "policy": { "phases": { "hot": { "actions": { "rollover": { "max_size": "30gb" } } }, "delete": { "min_age": "30d", "actions": { "delete": {} } } } } }
兩個階段,hot和delete;
索引超過30G,則執滾動;
delete階段,超過30天執行刪除動作。
2、索引模版(template)
PUT _template/ehr_prod_log_template { "index_patterns": ["ehr-prod-log-rollover-*"], "settings": { "number_of_shards": 1, "number_of_replicas": 1, "index.lifecycle.name": "ehr_prod_log_policy", "index.lifecycle.rollover_alias": "ehr-prod-log-rollover" } }
kafka中topic名稱ehr-prod-log,這里對應定義別名“ehr-prod-log-rollover”,logstash配置會用到。
3、索引(index)
PUT ehr-prod-log-rollover-00000001 { "aliases": { "ehr-prod-log-rollover": { "is_write_index": true } } }
4、Logstash配置
output { elasticsearch { hosts => ["**"] index => "ehr-prod-log-rollover" user => "ehr-prod" password => "***" } }
實戰中,通過logstash將日志從kafka采集到es,index => "ehr-prod-log-rollover",這里使用別名,與之對應。
則在es中對應生成對應索引,ehr-prod-log-rollover-0000000n,而對外使用別名即可。