安装curator
------------------
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

vi /etc/yum.repos.d/curator.repo
[curator-5]
name=CentOS/RHEL 6 repository for Elasticsearch Curator 5.x packages
baseurl=https://packages.elastic.co/curator/5/centos/6
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

yum install elasticsearch-curator

 

action配置文件:只保存7天日志,删除7天前旧的日志。
----------------------------------------------------
cat delete_indices.yml
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
#
# Also remember that all examples have 'disable_action' set to True. If you
# want to use this action as a template, be sure to set this to False after
# copying it.
actions:
1:
action: delete_indices
description: >-
Delete indices older than 7 days (based on index name), for logstash-
prefixed indices. Ignore the error if the filter does not result in an
actionable list of indices (ignore_empty_list) and exit cleanly.
options:
ignore_empty_list: True
disable_action: False
filters:
- filtertype: pattern
kind: prefix
value: logstash-
exclude: False
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 7

 

执行命令:curator  --config config.yml delete_indices.yml 

 

curator_cli命令行
-------------------------
查看所有索引:curator_cli --config config.yml show_indices --verbose