使用sh脚本删除
searchIndex=filebeat
elastic_url=192.168.98.136
elastic_port=9200
saveday=7date2stamp () {date --utc --date "$1" +%s
}dateDiff (){case $1 in-s) sec=1; shift;;-m) sec=60; shift;;-h) sec=3600; shift;;-d) sec=86400; shift;;*) sec=86400;;esacdte1=$(date2stamp $1)dte2=$(date2stamp $2)diffSec=$((dte2-dte1))if [ ${diffSec} -lt 0 ]; then abs=-1; else abs=1; fiecho $((diffSec/sec*abs))
}for index in $(curl -s "${elastic_url}:${elastic_port}/_cat/indices?v" | grep "${searchIndex}" | grep "_log-20[0-9][0-9]\.[0-1][0-9]\.[0-3][0-9]" | awk '{print$3}'); dodate=$(echo ${index##*-} | sed 's/\./-/g')cond=$(date +%Y-%m-%d)diff=$(dateDiff -d $date $cond)echo -n "${index}****diff**** (${diff})"if [ $diff -gt ${saveday} ]; thenecho "!!!DELETE ${index}"curl -XDELETE "${elastic_url}:${elastic_port}/${index}?pretty"elseecho ""fi
done
添加定时
crontab -e# 添加以下内容
00 03 * * * /usr/local/elk/elasticsearch-8.17.0/delete_es_by_day.sh > /dev/null 2>&1#验证是否已添加
crontab -l|tail -2
参考: elasticsearch按照日期定时删除索引
参考: removing-old-indices-in-elasticsearch