定时自动清理elasticsearch的索引

1.1 查看索引的方法

1.2 手动删除索引的方法

1.3 脚本清理索引

1.4 定时任务

1.1 查看索引的方法

说明：我这里是将elasticsearch、kibana、logstash装在一台机器上的

#在elasticsearch服务器上查看索引的方法

[root@node1~]# curl -s -XGET "http:// 192.168.10.138:9200/_cat/indices/?v"

health status index uuid pri rep docs.count docs.deleted store.size ri.store.size

yellow open 15_tomcat_18080_catalina_log-2019.01.03 Qzu1PAijSvSJ6rybjDKnjw 5 1 15673 0 7.5mb 7.5mb

yellow open 15_tomcat_18080_catalina_log-2019.01.01 FEncA358SGWGQEjpPQssKw 5 1 10184 0 2.9mb 2.9mb

yellow open 15_tomcat_18080_access_log-2019.01.02 -E-lGyX-Q1y8SfT90Vs5gg 5 1 28453 0 11.2mb 11.2mb

yellow open 15_tomcat_18080_access_log-2019.01.01 U8JpFg71SpS_VfriuTaK4g 5 1 9908 0 3.5mb 3.5mb

yellow open 15_tomcat_18080_access_log-2018.12.29 aavDE8WCR6SO-EebsfT5nw 5 1 16947 0 6.6mb 6.6mb

yellow open 15_tomcat_18080_catalina_log-2018.12.29 voIZxKYZQjCYZ4uVNMF8hA 5 1 26620 0 6.1mb 6.1mb

yellow open 15_tomcat_18080_access_log-2018.12.31 HjOALHc4Qjuy3mqxP4E76w 5 1 9921 0 3.7mb 3.7mb

yellow open 15_tomcat_18080_access_log-2018.12.30 VmO5vs0RTo6NWc7szPsjGA 5 1 10365 0 3.7mb 3.7mb

yellow open 15_tomcat_18080_access_log-2018.12.28 vIC-vjIhT_2mihMkjQXBJA 5 1 19937 0 7.7mb 7.7mb

yellow open 15_tomcat_18080_catalina_log-2018.12.30 pNRZJM2sTBSwzNqf8dCq3Q 5 1 8397 0 2.6mb 2.6mb

yellow open 15_tomcat_18080_catalina_log-2019.01.02 OZq6W0yOSg-IlU330o5WWg 5 1 37074 0 8.9mb 8.9mb

yellow open 15_tomcat_18080_catalina_log-2018.12.28 KynABrOzTA6qvpOX67616w 5 1 30547 0 7.2mb 7.2mb

yellow open 15_tomcat_18080_access_log-2019.01.03 cAqaJqxjRA2iS247FvmIEQ 5 1 10362 0 8.2mb 8.2mb

yellow open 15_tomcat_18080_catalina_log-2018.12.31 CbSWZYFCS4ugQMJJ7_ajww 5 1 9385 0 2.7mb 2.7mb

yellow open .kibana MJjn54fLSryzogaxoeOaZw 1 1 9 1 62.6kb 62.6kb

#将索引进行排序

[root@node-1~]# curl -s -XGET "http://192.168.10.138:9200/_cat/indices/?v"| grep -Ev "index|.kibana" |awk -F " " '{print $3}'|sort

15_tomcat_18080_access_log-2018.12.28

15_tomcat_18080_access_log-2018.12.29

15_tomcat_18080_access_log-2018.12.30

15_tomcat_18080_access_log-2018.12.31

15_tomcat_18080_access_log-2019.01.01

15_tomcat_18080_access_log-2019.01.02

15_tomcat_18080_access_log-2019.01.03

15_tomcat_18080_catalina_log-2018.12.28

15_tomcat_18080_catalina_log-2018.12.29

15_tomcat_18080_catalina_log-2018.12.30

15_tomcat_18080_catalina_log-2018.12.31

15_tomcat_18080_catalina_log-2019.01.01

15_tomcat_18080_catalina_log-2019.01.02

15_tomcat_18080_catalina_log-2019.01.03

1.2 手动删除索引的方法

#手动删除15_tomcat_18080_catalina_log-2018.12.28索引

curl -XDELETE "http:// 192.168.10.138:9200/15_tomcat_18080_catalina_log-2018.12.28"

#手动删除15_tomcat_18080_access_log-2018.12.28索引

curl -XDELETE "http:// 192.168.10.138:9200/15_tomcat_18080_access_log-2018.12.28"

1.3 脚本清理索引

#注意

01：该脚本需要添加到定时任务中去，让其定时自动清理索引

02：如果elasticsearch运行了一段时间后，那么是无法删除7天前的数据

03：该脚本是删除当前时间前的第7天的索引（不需要索引的名称有一定的规则）

04：所以需要在部署好elasticsearch后，就把脚本添加到定时任务中去。

[root@node-1 scripts]# cat delete_elk_indexs.sh

#!/bin/bash

#

# Define variables

RETVAL=0

Port=9200

Ip=192.168.1.135

Time1=$(date +%Y.%m.%d)

Time2=$(date +%Y.%m.%d -d "-7day")

# Determine the user to execute

if [ "$UID" -ne "$RETVAL" ];then

echo "Must be root to run scripts"

exit 1

fi

# Load local functions

[ -f /etc/init.d/functions ] && source /etc/init.d/functions

# Delete index 7 days ago

curl -XDELETE "http://$Ip:$Port/*${Time2}" >/dev/null 2>&1

RETVAL=$?

if [ "$RETVAL" -eq 0 ];then

action "delete elk 7 day ago index" /bin/true

else

action "delete elk 7 day ago index" /bin/false

fi

# Scripts return values

exit $RETVAL

#脚本执行结果

[root@ node-1 scripts]# sh delete_elk_indexs.sh

delete elk 7 day ago index [ OK ]

1.4 定时任务

[root@ node-1 scripts]# crontab -l|tail -2

# Crond delete elk 7 day ago index. USER:chenliang TIME:2019-01-03

00 12 * * * /bin/sh /server/scripts/delete_elk_indexs.sh >/dev/null 2>&1

定时自动清理elasticsearch的索引

1.1 查看索引的方法

1.2 手动删除索引的方法

1.3 脚本清理索引

1.4 定时任务

猜你喜欢