http://127.0.0.1:9200/_cat/indices?v
-
-
#刪除ELK30天前的日志
-
-
DATE=`date -d "30 days ago" +%Y.%m.%d`
-
-
curl -s -XGET http://127.0.0.1:9200/_cat/indices?v| grep $DATE | awk -F '[ ]+' '{print $3}' >/tmp/elk.log
-
-
for elk in `cat /tmp/elk.log`
-
-
do
-
-
curl -XDELETE "http://127.0.0.1:9200/$elk"
-
-
done
二:加入到定時任務
-
# crontab -e -
-
#每天凌晨1點定時清理elk索引 -
-
00 01 * * * bash /server/scripts/elk.sh &>/dev/null
注意:保證crond服務是啟動的
[root@server scripts]# service crond status
crond (pid 1999) is running...
++++++腳本2未驗證++++++++++++++++++++++++++++++
腳本2
#/bin/bash
#es-index-clear
#只保留7天內的日志索引
LAST_DATA=`date -d "-7 days" "+%Y.%m.%d"`
#刪除上個月份所有的索引
curl -u elastic:xxxx(密碼) -XDELETE 'http://192.168.12.31:9200/*-'${LAST_DATA}'*'