0

I am looking for a way to remove old Logstash indexes using a script, my logstash indexs are named logstash-2016.02.29, logstash-2016.03.01 ... at the moment I use an extention in chrome called Sense to remove the indexes. see screen shot, or I can also use curl to remove the indexes, curl -XDELETE 'http://myIpAddress:9200/logstash-2016.02.29'

enter image description here

I would like to write a script that would run daily and remove logstash index older than 2 weeks from Elasticsearch. Is this possible and if so how can I do it using the date from the name of the index?

G

Gman
  • 2,433
  • 3
  • 26
  • 36
  • 1
    This answer might help: http://stackoverflow.com/questions/33430055/removing-old-indices-in-elasticsearch/33430132#33430132 (Curator tool) – Val Mar 21 '16 at 11:42
  • hey val, thanks that just looks like it might do the job. I will test it later and post my script plus the link to your suggestion. – Gman Mar 21 '16 at 12:03

1 Answers1

0

Just use the find command:

find . logstash* -mtime +14 -type f -delete

This searches in the current directory and below, for all files whose name starts with "logstash", that are older than 14 days, and then deletes them.

If the file times are totally unreliable, and you have to use the filenames, try something like this:

#!/bin/bash
testdate=$(date -d '14 days ago' '+%Y%m%d')
for f in ./logstash-[0-9][0-9][0-9][0-9].[0-9][0-9].[0-9][0-9]; do
    dt=$(basename "${f//.}")
    dt=${dt#logstash-}
    [ $dt -le $testdate ] && rm -f "$f"
done
miken32
  • 42,008
  • 16
  • 111
  • 154