elasticsearch 清除数据几种方式

方式

1. api
   （1）根据@timestamp ，速度比较慢
   (2) 索引带的时间，速度相比较快
   2.官方的工具
   Curator Reference github-curator

根据索引的时间方式删数据

searchIndex="log"
elastic_url="http://127.0.0.1"
elastic_port=9200

date2stamp () {
    date --utc --date "$1" +%s
}

dateDiff (){
    dte1=$(date2stamp $1)
    dte2=$(date2stamp $2)
    diffSec=$(($dte2-$dte1))
    day_7=$(($diffSec/604800))
    if ((day_7 < 0)); then echo $day_7; else echo $day_7; fi
}

for index in $(curl -s "${elastic_url}:${elastic_port}/_cat/indices?v" |grep -E "*-20[0-9][0-9]\.[0-1][0-9]\.[0-3][0-9]" | awk '{print $3 }'); do
  date_es=$(echo ${index: -10} | sed 's/\./-/g')
  date_current=$(date +%Y-%m-%d)
  diff=$(dateDiff $date_es $date_current)
  if [ $diff -gt 1 ]; then
    echo $diff
    echo "/DELETE/${index}"
    curl -XDELETE "${elastic_url}:${elastic_port}/${index}?pretty"
  else
    echo ""
  fi
done

不错的参考

https://juejin.im/post/6844903472878321671