Logstash的日志轮换脚本以清除大于两周的日志 [英] log rotation script for logstash to purge logs greater than two weeks old

问题描述

我正在尝试提出一种最佳方法，该方法是从两周以上的Logstash服务器中清除日志.

I'm trying to come up with the best way to purge the logs from a logstash server that are more than two weeks old.

对于那些不知道的人，Logstash将其日志存储在Elasticsearch中.在我工作的地方，我们有一个非常稳定的ELK堆栈(Elasticsearch/Logstash/Kibana).

For those that aren't aware, Logstash stores it's logs inside of Elasticsearch. We have a really great stable ELK stack (Elasticsearch/Logstash/Kibana) where I work.

删除logstash索引的典型方法是使用curl命令，如下所示:

The typical way of deleting a logstash index is with a curl command like this one:

#curl --user admin -XDELETE http://localhost:9200/logstash-2015.06.06
Enter host password for user 'admin':
{"acknowledged":true}

现在我正在寻找的是一种编程方式，可以更改logstash索引中的日期，以自动清除大于两个星期的任何索引.

Now what I'm looking for is a programmatic way of changing the dates in the logstash index to automatically purge any index that's greater than two weeks old.

我正在考虑使用bash来完成此操作.

I'm thinking of using bash to get this done.

我将不胜感激如何执行此操作的任何示例或您可能会有的建议！

I'd appreciate any examples of how to do this or advice you may have!

谢谢

谢谢！但是您认为您可以使用auth来帮助我解决这个问题吗?

Thanks!! But do you think you can help me get this going using auth?

这是我到目前为止尝试过的:

This is what I tried so far:

[root@logs:~] #curator --help | grep -i auth
  --http_auth TEXT   Use Basic Authentication ex: user:pass
[root@logs:~] #curator delete indices --older-than 14 --time-unit days --timestring %Y.%m.%d --regex '^logstash-' --http_auth admin:secretsauce
Error: no such option: --http_auth
[root@logs:~] #curator delete indices --older-than 14 --time-unit days --timestring %Y.%m.%d --regex '^logstash-' --http_auth admin:secretsauce
Error: no such option: --http_auth
[root@logs:~] #curator delete indices --http_auth admin:secretsauce --older-than 14 --time-unit days --timestring %Y.%m.%d --regex '^logstash-'
Error: no such option: --http_auth

推荐答案

使用 Curator .要删除超过14天的索引，您可以运行以下命令:

Use Curator. To delete indexes older than 14 days you can run this command:

curator delete indices --older-than 14 --time-unit days --timestring %Y.%m.%d --regex '^logstash-'

这篇关于Logstash的日志轮换脚本以清除大于两周的日志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！