方式
- api
(1)根据@timestamp ,速度比较慢
(2) 索引带的时间,速度相比较快
2.官方的工具
Curator Reference github-curator
根据索引的时间方式删数据
searchIndex="log"
elastic_url="http://127.0.0.1"
elastic_port=9200
date2stamp () {
date --utc --date "$1" +%s
}
dateDiff (){
dte1=$(date2stamp $1)
dte2=$(date2stamp $2)
diffSec=$(($dte2-$dte1))
day_7=$(($diffSec/604800))
if ((day_7 < 0)); then echo $day_7; else echo $day_7; fi
}
for index in $(curl -s "${elastic_url}:${elastic_port}/_cat/indices?v" |grep -E "*-20[0-9][0-9]\.[0-1][0-9]\.[0-3][0-9]" | awk '{print $3 }'); do
date_es=$(echo ${index: -10} | sed 's/\./-/g')
date_current=$(date +%Y-%m-%d)
diff=$(dateDiff $date_es $date_current)
if [ $diff -gt 1 ]; then
echo $diff
echo "/DELETE/${index}"
curl -XDELETE "${elastic_url}:${elastic_port}/${index}?pretty"
else
echo ""
fi
done
不错的参考
https://juejin.im/post/6844903472878321671
网友评论