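Log-cluster data cannot be kept forever, for two main reasons: the data disks run out of capacity, and the number of shards is limited. Old data in the log cluster therefore has to be deleted on a regular schedule.
Three steps are enough to set up scheduled deletion of old data in the log cluster:
Check whether curator is installed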
which curator
If it is not, install it
Install curator
Download page: https://www.elastic.co/guide/en/elasticsearch/client/curator/current/yum-repository.html
The Direct Package Download Link is recommended here
Pick the version you need; this tutorial uses the CentOS 7 package
wget https://packages.elastic.co/curator/5/centos/7/Packages/elasticsearch-curator-5.5.4-1.x86_64.rpm
Once the download finishes, install it
yum install elasticsearch-curator-5.5.4-1.x86_64.rpm
Configure curator
The configuration files live under /etc/curator; create the directory if it does not exist
mkdir /etc/curator
cd /etc/curator
Create two files in that directory: a Configuration File and an Action File. The Configuration File is named curator.yml here; the Action File is mostly business-specific and is named delete-older-es-log.yml here.
The contents of curator.yml are as follows:
---
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
client:
  hosts:
    - 192.168.32.221
    - 192.168.32.222
    - 192.168.32.223
  port: 24702
  url_prefix:
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  ssl_no_validate: False
  http_auth:
  timeout: 60
  master_only: False

logging:
  loglevel: INFO
  logfile:
  logformat: default
  blacklist: ['elasticsearch', 'urllib3']
The contents of delete-older-es-log.yml are as follows:
---
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
#
# Also remember that all examples have 'disable_action' set to True. If you
# want to use this action as a template, be sure to set this to False after
# copying it.
actions:
  1:
    action: delete_indices
    description: "Delete old es log indices older than 30 days (based on index name)"
    options:
      ignore_empty_list: True
      timeout_override: 300
      continue_if_exception: False
    filters:
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 30
      exclude:
    - filtertype: pattern
      # The value is a full regular expression, so the kind is regex
      kind: regex
      value: '^(es-log-|apm-).*$'
      exclude:
This selects every index whose name starts with es-log- or apm-; those older than 30 days are deleted automatically.
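To see which index names the two filters select before the job is scheduled, the following Python sketch (an added example, not part of the original post and not curator's own code) approximates the name-based age filter and the pattern filter. The index names, the fixed NOW value and the function names are constructed for illustration, and treating names without a date as not selected is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Values copied from delete-older-es-log.yml
NAME_PATTERN = re.compile(r'^(es-log-|apm-).*$')
TIMESTRING = '%Y.%m.%d'
UNIT_COUNT_DAYS = 30

# strftime directive -> regex fragment (only the directives used above)
DIRECTIVES = {'%Y': r'\d{4}', '%m': r'\d{2}', '%d': r'\d{2}'}

def timestring_regex(timestring):
    """Build a regex that locates the date portion of an index name."""
    parts = re.split(r'(%[Ymd])', timestring)
    return re.compile(''.join(DIRECTIVES.get(p, re.escape(p)) for p in parts))

def indices_to_delete(names, now):
    """Return the names that pass both filters: matching prefix and too old."""
    date_re = timestring_regex(TIMESTRING)
    cutoff = now - timedelta(days=UNIT_COUNT_DAYS)
    selected = []
    for name in names:
        if not NAME_PATTERN.match(name):
            continue  # pattern filter: not an es-log-/apm- index
        found = date_re.search(name)
        if not found:
            continue  # no date in the name, so the index has no age
        try:
            stamp = datetime.strptime(found.group(0), TIMESTRING)
        except ValueError:
            continue  # digits that are not a calendar date, e.g. 2024.13.40
        if stamp.replace(tzinfo=timezone.utc) < cutoff:
            selected.append(name)
    return selected

# Constructed sample data: index names and a fixed "now" for repeatability
SAMPLE = [
    'es-log-2024.01.01', 'es-log-2024.02.20',
    'apm-7.2.0-2024.01.15', 'apm-7.2.0-2024.02.25',
    'metrics-2023.12.01', 'es-log-current', '.kibana',
]
NOW = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == '__main__':
    for name in indices_to_delete(SAMPLE, NOW):
        print('would delete:', name)
```

Against a live cluster, running curator with its --dry-run option logs the indices it would delete without deleting them.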
Schedule curator
cd /etc/cron.daily
touch curator
vim curator
Add the following content to the curator file:
#!/bin/sh
/usr/bin/curator --config /etc/curator/curator.yml /etc/curator/delete-older-es-log.yml
Set the file's owner to root and make it executable
sudo chown root /etc/cron.daily/curator
sudo chmod +x /etc/cron.daily/curator
Check that it is in the list of scheduled jobs
run-parts --test /etc/cron.daily
curator is indeed in the list:
/etc/cron.daily/curator
/etc/cron.daily/logrotate
/etc/cron.daily/man-db.cron
Test result:
End of tutorial! 👊
This article was written by Chakhsu Lau and is licensed under the Creative Commons Attribution 4.0 International License.