利用Curator清理Elasticsearch历史索引
curator 简介
Curator是一个用来管理Elasticsearch索引的工具,使用它可以管理需要删除或保留的索引数据。当Elasticsearch作为ELK、EFK等日志收集方案的日志存储时,删除过期数据以释放存储空间显得格外重要,使用Curator可以删除旧的索引并优化系统。
curator官网地址:http://t.cn/RuwN0oM
Git地址:https://github.com/elastic/curator
安装方式一:使用 pip 安装(未指定版本时会安装最新版,其配置格式可能与下文 Curator 5.x 的示例不一致,建议按需固定版本)
pip3 install elasticsearch-curator
安装方式二:通过 yum 仓库安装(先导入 Elastic 的 GPG 签名公钥)
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
RHEL/CentOS 7:
创建仓库文件 /etc/yum.repos.d/curator.repo,内容如下:
# Yum repository definition for the Elasticsearch Curator 5.x packages.
[curator-5]
name=CentOS/RHEL 7 repository for Elasticsearch Curator 5.x packages
baseurl=https://packages.elastic.co/curator/5/centos/7
# gpgcheck=1 makes yum verify every package signature against the key in
# gpgkey before installing; keep it enabled so a tampered package is rejected.
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
yum install elasticsearch-curator
[root@BETAWS27 ~]# crontab -l
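# Delete expired log indices every day at 03:41; each run writes its own
# timestamped log file.
# '%' is written as '\%' because cron turns an unescaped '%' into a newline.
# Output is redirected with '> file 2>&1' instead of the bash-only '&>': cron
# runs the command with /bin/sh unless SHELL is set, and a POSIX sh parses
# 'cmd &> file' as "run cmd in the background, then truncate file", which
# would leave the log empty.
# NOTE(review): this entry is in root's crontab. Curator only needs to reach
# the cluster and read its two YAML files, so a dedicated unprivileged account
# with its own copy of the configuration would be enough.
41 3 * * * /usr/bin/curator --config /root/.curator/curator.yml /beta/curator/action.yml > /beta/curator/logs/curator$(date +\%y\%m\%d-\%H\%M\%S).log 2>&1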
[root@BETAWS27 ~]# cat /root/.curator/curator.yml
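---
# Curator client configuration (the file passed with --config).
# The nesting below is required: every connection setting belongs under
# "client" and every logging setting under "logging".
#
# Remember, leave a key empty if there is no value.  None will be a string,
# not a Python "NoneType"
client:
  hosts:
    - es-cn-xxxxxxxxxx.elasticsearch.aliyuncs.com
  port: 9200
  url_prefix:
  # NOTE(review): with use_ssl set to False the username and password below are
  # sent to the cluster unencrypted. If the cluster offers HTTPS, set this to
  # True and fill in "certificate" when a private CA is used.
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  # Keep this False: True would skip server certificate verification once
  # TLS is enabled.
  ssl_no_validate: False
  # These credentials are stored in cleartext. Keep the file readable only by
  # the account that runs Curator (for example mode 0600), and use an account
  # whose privileges are limited to the indices that Curator manages.
  username: xxxxxx
  password: xxxxxx
  timeout: 30
  master_only: False

logging:
  loglevel: INFO
  # Left empty, so no log file is configured here; the cron entry's redirect
  # is what captures the output.
  logfile:
  logformat: default
  # Logger names listed here are excluded from Curator's log output.
  blacklist: ['elasticsearch', 'urllib3']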
[root@BETAWS27 ~]# cat /beta/curator/action.yml
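---
# Curator action file: two delete_indices actions, executed in numeric order.
# delete_indices is irreversible. After any change to a pattern or an age
# filter, run curator with --dry-run first and check the list of indices it
# reports before letting the cron job use the file.
# Within an action the filters are applied one after another, so an index is
# deleted only if it passes both the name pattern and the age filter.
actions:
  1:
    description: "Delete dataservice Log_Indices Older Than 2 Days"
    action: delete_indices
    options:
      # An empty match (nothing old enough yet) is not treated as an error.
      ignore_empty_list: True
      timeout_override: 300
      # A failure in this action stops the run instead of moving on to action 2.
      continue_if_exception: False
      disable_action: false
    filters:
      # Daily indices named beta-dataservice-YYYY.MM.DD. The ^ and $ anchors
      # keep the pattern from matching longer or prefixed index names.
      - filtertype: pattern
        kind: regex
        value: '^beta-dataservice-20[0-9]{2}\.[0-9]{2}\.[0-9]{2}$'
      # The age is parsed from the date in the index name, not from the
      # index creation time.
      - filtertype: age
        source: name
        direction: older
        timestring: '%Y.%m.%d'
        unit: days
        unit_count: 2
  2:
    description: "Delete Log_Indices Older Than 2 Weeks"
    action: delete_indices
    options:
      ignore_empty_list: True
      timeout_override: 300
      continue_if_exception: False
      disable_action: false
    filters:
      # Weekly indices named beta-<service>-YYYY.WW, where <service> consists
      # of lowercase letters and hyphens. Daily indices do not match because
      # of their extra ".DD" suffix and the $ anchor.
      # NOTE(review): '[a-z-]*' covers every beta-* service that uses this
      # naming scheme; confirm that none of them needs a longer retention.
      - filtertype: pattern
        kind: regex
        value: '^beta-[a-z-]*-20[0-9]{2}\.[0-9]{2}$'
      # %W is the week number, so the age is counted in whole weeks taken
      # from the index name.
      - filtertype: age
        source: name
        direction: older
        timestring: '%Y.%W'
        unit: weeks
        unit_count: 2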